NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure
| EKU-ID: 29591 | CVE: CVE-2004-2547;OSVDB-6745 | OSVDB-ID: |
| Author: Donnie Werner | Published: 2004-06-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29591 | CVE: CVE-2004-2547;OSVDB-6745 | OSVDB-ID: |
| Author: Donnie Werner | Published: 2004-06-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks. SurgeMail versions 1.9 and prior and WebMail 3.1d are affected by these issues. http://www.example.com/[non-existant request]