2 matches found
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
The script 'basilix.php3' is installed on the remote web server. Some versions of this webmail software allow the users to read any file on the system with the permission of the webmail software, and execute any PHP. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: From: "karol "...
CVE-2001-1044
Basilix Webmail 0.9.7beta, and possibly other versions, stores .class and .inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file...