Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3060

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3060
Last Modified 23 Oct 2008 02:04:45
Published 07 Oct 2008 08:00:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3060

Summary

V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.

Vulnerable Systems

Application

  • V-webmail 1.5.0


References

XF - vwebmail-loginpage-path-disclosure(45853)

OSVDB - 48794

OSVDB - 48793

MISC - http://osvdb.org/ref/48/48-v-webmail.txt


Last Updated: 27 May 2016 10:48:04