Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026

CVE-2005-0332

Description

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.

Affected products

Ventia/Desknow Mail And Collaboration Server2 versions
cpe:2.3:a:ventia:desknow_mail_and_collaboration_server:2.5.12:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ventia:desknow_mail_and_collaboration_server:2.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:ventia:desknow_mail_and_collaboration_server:2.5.13:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/12421nvdPatch
www.security.org.sg/vuln/desknow2512.htmlnvdVendor Advisory
marc.infonvd
secunia.com/advisories/14116nvd
securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/19206nvd
exchange.xforce.ibmcloud.com/vulnerabilities/19211nvd
exchange.xforce.ibmcloud.com/vulnerabilities/19212nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000