RSS   Vulnerabilities for 'Atmail'   RSS

2008-08-10
 
CVE-2008-3579

CWE-287
 

 
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
2008-07-31
 
CVE-2008-3395

CWE-264
 

 
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 

 >>> Vendor: Calacode 3 Products
At mail webmail system
Atmail webmail system
Atmail


Copyright 2022, cxsecurity.com

 

Back to Top