Tripbit Security Advisory | TA-220603

Severity: Medium/High
Application: VisNetic WebMail v.5.8.6.6
Platform: Windows
Class: Failure to Handle Exceptional Conditions
Release Date: June 20th, 2003
Vendor: http://www.deerfield.com

VisNetic MailServer: a multi-threaded, multiprocessor capable mail server that supports the most widely used mail protocols including SMTP, POP3, IMAP4 (including ACL) and LDAP. Each of these protocols can be secured using SSL/TLS and it can accommodate unlimited domains and accounts with built-in support for the VisNetic AntiVirus Plug-in.

VisNetic WebMail: a web-based mail system providing access to e-mail using any web browser form.

A bug has been located in VisNetic WebMail which allows PHP source-code disclosure of any file by adding a "dot" behind the requested site.

Example:
http://host:32000/mail/admin/../include.html.
http://host:32000/mail/admin/../settings.html.

No solution for the moment.

The vendor has been notified and is working on a solution.

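With no fix available, one way to spot requests of the shape shown in the examples is to scan the web server's access log for paths whose final segment ends in a dot. This is an added example, not part of the original advisory or the vendor's code; it assumes Common Log Format access logs, and the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (Common Log Format is an assumption);
# client addresses, timestamps, sizes and status codes are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jun/2003:10:01:02 +0000] "GET /mail/index.html HTTP/1.0" 200 5120
192.0.2.44 - - [20/Jun/2003:10:03:17 +0000] "GET /mail/admin/../include.html. HTTP/1.0" 200 8341
192.0.2.44 - - [20/Jun/2003:10:03:25 +0000] "GET /mail/admin/../settings.html%2E HTTP/1.0" 200 2210
192.0.2.10 - - [20/Jun/2003:10:04:00 +0000] "GET /mail/inbox.html?folder=sent. HTTP/1.0" 200 900
192.0.2.77 - - [20/Jun/2003:10:05:41 +0000] "GET /mail/login.html. HTTP/1.0" 404 312
"""

# client, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def trailing_dot_path(target):
    """Return the decoded path if its final segment ends in '.', else None."""
    # Only the path matters; a dot at the end of the query string is ignored.
    path = unquote(urlsplit(target).path)  # also catches an encoded dot (%2E)
    last = path.rsplit("/", 1)[-1]
    # '.' and '..' are ordinary relative segments, not a dot added to a file name.
    if last not in (".", "..") and last.endswith("."):
        return path
    return None


def find_trailing_dot_requests(log_text):
    """List requests whose path ends in a dot, with whether content was served."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, _method, target, status = m.groups()
        path = trailing_dot_path(target)
        if path is not None:
            # A 2xx status means the server returned a body for the dotted name.
            hits.append({"client": client, "path": path,
                         "status": int(status), "served": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in find_trailing_dot_requests(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true are the ones to review first, since the server returned content for a dotted file name.
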
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

This vulnerability has been found and researched by:
posidron posidron@tripbit.org
rushjo rushjo@tripbit.org

You can find the latest version of this warning under the following URL:
http://www.tripbit.org/advisories/TA-220603.html