AtMail


| # | VER | L/R | AUTH | S | REPORTED | TYPE | DESCRIPTION |
|---|-----|-----|------|---|----------|------|-------------|
| 01 | 5.41 | L | N | N | 05/27/2008 | permissions | world readable database config |
| 02 | 5.41 | L | N | N | 05/27/2008 | permissions | world readable admin user .htpasswd |
| 03 | 5.41 | R | N | N | unreported | info leak | remotely download the atmail/ directory (db config, .htpasswd, more) |




- Trivial: very minor issues
- Low: XSS, info leaks
- Medium: destructive actions, access others' accounts
- High: local root (auth required), /root/.accesshash, /etc/shadow access
- Less Critical: local root (no auth required)
- Critical: remote root (no auth required)
- L/R: Local/Remote
- Auth: Authentication required
- S: Bug found via source code review