Vulners
Lucene search
Trlinux Postaci Webmail 1.1.3 Password Disclosure Vulnerability
source: http://www.securityfocus.com/bid/2029/info
Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database.
Webmail stores database username and password information in a file called global.inc. This file is world-readable and stored in a directory accessible by a web browser over the internet. As a result, an attacker can retrieve the global.inc file with a web browser on a typical system (default configuration). Once obtained, the attacker may be able to access the systems database.
Successful exploitation will lead to the attacker gaining unauthorized access to the database.
Depending on the database and system type, this may lead to a compromise of interactive access on the host running Webmail and the database.
http://target/includes/global.inc
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1