Magic Winmail Server LDapLib.PHP Remote Installation Path Disclosure Vulnerability
BID:9786
Info
Magic Winmail Server LDapLib.PHP Remote Installation Path Disclosure Vulnerability
| Bugtraq ID: | 9786 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2004 12:00AM |
| Updated: | Mar 02 2004 12:00AM |
| Credit: | Disclosure of this issue has been credited to Dr_insane <[email protected]>. |
| Vulnerable: |
AMAX Information Technologies Inc. Magic Winmail Server 3.6 |
| Not Vulnerable: | |
Discussion
Magic Winmail Server LDapLib.PHP Remote Installation Path Disclosure Vulnerability
It has been reported that Magic Winmail Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user input.
Successful exploitation of this issue may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
It has been reported that Magic Winmail Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user input.
Successful exploitation of this issue may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.
Exploit / POC
Magic Winmail Server LDapLib.PHP Remote Installation Path Disclosure Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Magic Winmail Server LDapLib.PHP Remote Installation Path Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Magic Winmail Server LDapLib.PHP Remote Installation Path Disclosure Vulnerability
References:
References:
- ldaplib.php reveal local path of Winmail server 3.6 webmail directory (Dr_insane
- Magic Winmail Server (AMAX Information Technologies Inc.)