CVE-2005-0324

Description

Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.

Affected products

• captaris / infinite_mobile_delivery_webmail2.6 – 2.6

References

• MISChttp://www.securityfocus.com/bid/12399
• VENDOR_ADVISORYhttp://secunia.com/advisories/14075
• MISChttp://www.lovebug.org/imd_advisory.txt
• MAILING_LISThttp://marc.info/?l=bugtraq&m=110703630922262&w=2
• MISChttp://securitytracker.com/id?1013044
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/19154