-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all!
I am implementing an Horde/IMP webmail on a server. It connects into my IMAP server. If I log into the webmail and type in the address bar
https://webmail.yoursite.org/horde/imp/mailbox.php?mailbox=/etc/passwd
appears in my screen the file.
I asked about it in the HORDE mail list, and they said that it isn't his program's vulnerability, but an IMAP's vulnerability. Is this true? Is there a patch for this vulnerability, if it is really one?
I'm using debian and installed IMAP via apt-get.
Thanks, - -- Thiago Alves Siqueira ACME! Computer Security Researcher [EMAIL PROTECTED] - Brazil -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFALQNT2LAJCBHtEnMRArO5AJ4pQqrutqcfFhm0rnhX5KaTI1ofOQCgp5MJ w7xSqVH4StfMl2r2MUmRj+g= =PnLC -----END PGP SIGNATURE-----
--
------------------------------------------------------------------
For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html
------------------------------------------------------------------
