• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CommuniGate Pro Webmail File Disclosure Vulnerability

A file disclosure vulnerability has been reported in the CommuniGate Pro webmail component.

A specially crafted web request containing dot-dot-slash (../) directory traversal sequences may break out of the document root and disclose arbitrary web server readable files that exist on the underlying host.

Exploitation of this vulnerability may lead to disclosure of sensitive information that may be useful in mounting further attacks on the host system. This issue was reported for CommuniGate Pro on FreeBSD. It is likely that the software is affected on other platforms as well.