2 matches found
Directory traversal
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. dot dot in the selectedtheme parameter, a different vector than CVE-2007-3172...
CVE-2007-3172
CVE-2007-3172 relates to a directory traversal in UebiMiau Webmail via the demo/pop3/error.php (selected_theme parameter) that allows remote disclosure of directory existence. Connected sources describe a broader set of input-validation issues in UebiMiau’s error.php: similar traversal/file-discl...