2 matches found
CVE-2008-0210
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sessauth=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without...
CVE-2008-0210
Affected software: Uebimiau Webmail 2.7.10 and 2.7.2. The CVE-2008-0210 issue arises from improper protection of authentication state variables, allowing remote attackers to bypass authentication via a sess[auth]=1 parameter. This can enable authenticated- or unauthenticated-access scenarios, and...