CVE-2001-1044

Basilix Webmail 0.9.7beta, and possibly other versions, stores .class and .inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file...

CVE-2001-0990

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library...

Basilix Webmail .class / .inc Direct Request Remote Information Disclosure

It is possible to download the include files on the remote BasiliX webmail service. An attacker may use these to obtain the MySQL authentication credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10601;...

PostACI Webmail Vulnerability

The PostACI webmail system contains a rather trival vulnerability. One can obtain the hostname, username and password variables for the MySQL server in addition to other setup information if PostACI is setup as described running out of the box by simplying going to the url:...