NetWin (1) SurgeMail prior to 2.0c and (2) WebMail allow remote malicious users to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
netwin surgemail 1.1a |
||
netwin surgemail 1.1b |
||
netwin surgemail 1.3a_rc1 |
||
netwin surgemail 1.3b |
||
netwin surgemail 1.3j |
||
netwin surgemail 1.3k |
||
netwin surgemail 1.5c |
||
netwin surgemail 1.5d |
||
netwin surgemail 1.6e2 |
||
netwin surgemail 1.7a |
||
netwin surgemail 2.0a2 |
||
netwin webmail 3.1d |
||
netwin surgemail 1.2a |
||
netwin surgemail 1.2b |
||
netwin surgemail 1.3e |
||
netwin surgemail 1.3f |
||
netwin surgemail 1.3g |
||
netwin surgemail 1.4b |
||
netwin surgemail 1.4c |
||
netwin surgemail 1.6a |
||
netwin surgemail 1.6b |
||
netwin surgemail 1.8b3 |
||
netwin surgemail 1.8d |
||
netwin surgemail 1.8e |
||
netwin surgemail 1.0c |
||
netwin surgemail 1.0d |
||
netwin surgemail 1.2c |
||
netwin surgemail 1.3a |
||
netwin surgemail 1.3h |
||
netwin surgemail 1.3i |
||
netwin surgemail 1.5a |
||
netwin surgemail 1.5b |
||
netwin surgemail 1.6d |
||
netwin surgemail 1.6e |
||
netwin surgemail 1.8g3 |
||
netwin surgemail 1.9b2 |
||
netwin surgemail 1.1c |
||
netwin surgemail 1.1d |
||
netwin surgemail 1.3c |
||
netwin surgemail 1.3d |
||
netwin surgemail 1.3l |
||
netwin surgemail 1.4a |
||
netwin surgemail 1.5d2 |
||
netwin surgemail 1.5f |
||
netwin surgemail 1.7b3 |
||
netwin surgemail 1.8a |
Vulmon