2 matches found
CVE-2002-2399
The CVE-2002-2399 entry describes a directory traversal vulnerability in W3Mail 1.0.6, specifically in viewAttachment.cgi, where an attacker can read arbitrary files by supplying a .. sequence in the file parameter. This is supported by multiple sources (NVD entry and Red Hat security page) that ...
W3Mail 1.0.6 - File Disclosure
source: https://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open function as the filenam...