Unrated severityNVD Advisory· Published Jun 2, 2006· Updated Apr 16, 2026

CVE-2006-2308

Description

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

Affected products

Etype/Eserv2 versions
cpe:2.3:a:etype:eserv:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:etype:eserv:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:etype:eserv:3.25:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20059nvdPatchVendor Advisory
www.eserv.ru/ru/news/news_detail.phpnvdPatch
www.securityfocus.com/bid/18179nvdPatch
secunia.com/secunia_research/2006-37/advisory/nvdVendor Advisory
securityreason.com/securityalert/1006nvd
www.securityfocus.com/archive/1/435415/100/0/threadednvd
www.vupen.com/english/advisories/2006/2066nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26738nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000