Info

Disclosure

Feb 17, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

V-webmail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when invalid parameters are passed to the 'help.php' script, which will disclose file system path information resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

V-webmail Development Team

V-webmail

1.6.2

References

Secunia Advisory ID: 18776
CVE ID: 2006-0794 (see also: NVD)
Related OSVDB ID: 23260 23261
ISS X-Force ID: 24754
VUPEN Advisory: ADV-2006-0639
Vendor URL: http://www.v-webmail.org/

Credit

$um$id -

Direct URL: http://osvdb.org/23262