Vuln Dev
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Atmail Remote Authentication Bypass, Full DB Compromise
Jul 30 2008 03:33PM
free_julie_amero hush com
@Mail PHP Version 5.41 patch Release
http://atmail.com/demo/atmailphpdemo.tgz
The default install of Atmail 5.41 creates the following
file in the atmail/ directory: build-plesk-upgrade.php
If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php
it will execute...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
http://atmail.com/demo/atmailphpdemo.tgz
The default install of Atmail 5.41 creates the following
file in the atmail/ directory: build-plesk-upgrade.php
If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php
it will execute...
[ more ]