# | VER | L/R | AUTH | S | REPORTED | TYPE | DESCRIPTION |
01 | 5.41 | L | N | N | 05/27/2008 | permissions | world readable database config |
02 | 5.41 | L | N | N | 05/27/2008 | permissions | world readable admin user .htpasswd |
03 | 5.41 | R | N | N | unreported | info leak | remotely download the atmail/ directory (db config, .htpasswd, more) |
Trivial | very minor issues |
Low | XSS, info leaks |
Medium | destructive actions, access others' accounts |
High | local root (auth required), /root/.accesshash, /etc/shadow access |
Less Critical | local root (no auth required) |
Critical | remote root (no auth required) |
L/R | Local/Remote |
Auth | Authentication required |
S | Bug found via source code review |