Vulnerabilities > CVE-2001-1044 - Unspecified vulnerability in Basilix Webmail 0.9.7Beta
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability. CVE-2001-1044 . Webapps exploit for php platform |
id | EDB-ID:20538 |
last seen | 2016-02-02 |
modified | 2001-01-11 |
published | 2001-01-11 |
reporter | Tamer Sahin |
source | https://www.exploit-db.com/download/20538/ |
title | Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | BASILIX_INC_FILES.NASL |
description | It is possible to download the include files on the remote BasiliX webmail service. An attacker may use these to obtain the MySQL authentication credentials. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10601 |
published | 2001-01-25 |
reporter | This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10601 |
title | Basilix Webmail .class / .inc Direct Request Remote Information Disclosure |
code |
|