Vulnerability in c-client library (tested with versions 2000,2001,2004),
mail_open
could be used to open stream to local files.
For php and imap module
imap_open allow to bypass safemode and open_basedir restrictions.
Use imap_body or others to view a file and imap_list to recursively list a
Vulnerable: PHP4, PHP5
with use of sendmail 8.13.4
When safemode disabled and open_basedir restriction in effect, we can pass
extra parameters
to sendmail command in mail function, especially the -C and -X arguments.
-C for alternate configuration file
-X to log all in a file
Can be used to