Description
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Donnie Werner · textwebappsphp
https://www.exploit-db.com/exploits/24176
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16319
Exploit, Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/6745
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10483
Exploit, Patch x_refsource_misc
http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
Exploit, Patch mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11772
Patch x_refsource_confirm
http://www.netwinsite.com/surgemail/help/updates.htm
Scores
EPSS
0.1798
EPSS Percentile
95.2%
Details
Status
published
Products (46)
netwin/surgemail
1.0c
netwin/surgemail
1.0d
netwin/surgemail
1.1a
netwin/surgemail
1.1b
netwin/surgemail
1.1c
netwin/surgemail
1.1d
netwin/surgemail
1.2a
netwin/surgemail
1.2b
netwin/surgemail
1.2c
netwin/surgemail
1.3a
... and 36 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026