MidnightBSD

Advisories for basilix

CVE-2001-1044 HIGH

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
basilix basilix_webmail 0.9.7_beta
CVE-2001-1045 MEDIUM

Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
basilix basilix_webmail 1.02_beta
basilix basilix_webmail 1.03_beta
CVE-2002-1708 MEDIUM

Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
basilix basilix_webmail 1.1.0
CVE-2002-1709 MEDIUM

SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
basilix basilix_webmail 1.1.0
CVE-2002-1710 LOW

The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
basilix basilix_webmail 1.1.0
CVE-2002-1711 LOW

BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
basilix basilix_webmail 1.1.0