RSS   Vulnerabilities for 'Webmail'   RSS

2008-01-09
 
CVE-2008-0210

 

 
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.

 
2008-01-08
 
CVE-2008-0140

 

 
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.

 

 >>> Vendor: Uebimiau 2 Products
Webmail
Uebimiau


Copyright 2024, cxsecurity.com

 

Back to Top