Vulners
Lucene search
Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability
source: http://www.securityfocus.com/bid/2198/info
A vulnerability has been reported in basilix webmail v. 0.9.7b.
Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses.
These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts,they can be retrieved by remote users.
Properly exploited, this information can allow further attacks on the affected host.
http://target/class/mysql.class
http://target/inc/sendmail.inc (settings.inc and etc.)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1