NOCC Webmail 1.0 allows remote malicious users to obtain the installation path via a direct request to html/header.php.
nocc nocc 1.0