NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Surgemail | Netwin | 1.3d | 1.3d |
Surgemail | Netwin | 1.1a | 1.1a |
Surgemail | Netwin | 1.8e | 1.8e |
Surgemail | Netwin | 1.6e2 | 1.6e2 |
Surgemail | Netwin | 1.3i | 1.3i |
Surgemail | Netwin | 1.3c | 1.3c |
Surgemail | Netwin | 1.3b | 1.3b |
Surgemail | Netwin | 1.1d | 1.1d |
Surgemail | Netwin | 1.3l | 1.3l |
Surgemail | Netwin | 1.7b3 | 1.7b3 |
Surgemail | Netwin | 1.5f | 1.5f |
Surgemail | Netwin | 1.6e | 1.6e |
Surgemail | Netwin | 1.6d | 1.6d |
Surgemail | Netwin | 1.4c | 1.4c |
Surgemail | Netwin | 1.3k | 1.3k |
Surgemail | Netwin | 1.3a_rc1 | 1.3a_rc1 |
Surgemail | Netwin | 1.5d2 | 1.5d2 |
Surgemail | Netwin | 1.2a | 1.2a |
Surgemail | Netwin | 1.6a | 1.6a |
Webmail | Netwin | 3.1d | 3.1d |
Surgemail | Netwin | 1.5a | 1.5a |
Surgemail | Netwin | 1.3g | 1.3g |
Surgemail | Netwin | 1.5c | 1.5c |
Surgemail | Netwin | 1.0d | 1.0d |
Surgemail | Netwin | 1.3f | 1.3f |
Surgemail | Netwin | 1.3h | 1.3h |
Surgemail | Netwin | 1.1c | 1.1c |
Surgemail | Netwin | 1.2b | 1.2b |
Surgemail | Netwin | 1.5b | 1.5b |
Surgemail | Netwin | 1.4b | 1.4b |
Surgemail | Netwin | 1.1b | 1.1b |
Surgemail | Netwin | 1.0c | 1.0c |
Surgemail | Netwin | 1.8d | 1.8d |
Surgemail | Netwin | 1.8b3 | 1.8b3 |
Surgemail | Netwin | 1.7a | 1.7a |
Surgemail | Netwin | 1.3a | 1.3a |
Surgemail | Netwin | 1.4a | 1.4a |
Surgemail | Netwin | 1.8g3 | 1.8g3 |
Surgemail | Netwin | 1.8a | 1.8a |
Surgemail | Netwin | 2.0a2 | 2.0a2 |
Surgemail | Netwin | 1.3j | 1.3j |
Surgemail | Netwin | 1.6b | 1.6b |
Surgemail | Netwin | 1.3e | 1.3e |
Surgemail | Netwin | 1.9b2 | 1.9b2 |
Surgemail | Netwin | 1.5d | 1.5d |
Surgemail | Netwin | 1.2c | 1.2c |