Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Atmail Remote Authentication Bypass, Full DB Compromise
Jul 30 2008 03:33PM
free_julie_amero hush com
@Mail PHP Version 5.41 patch Release
The default install of Atmail 5.41 creates the following
file in the atmail/ directory: build-plesk-upgrade.php
If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php
it will execute...
[ more ]
Copyright 2010, SecurityFocus