CVE-2006-0893

Name of the Vulnerable Software and Affected Versions NOCC Webmail version 1.0

Description The issue allows remote attackers to obtain sensitive information by making a direct request to the "profiles directory" and the "tmp directory". The profiles directory leaks e-mail addresses contained in filenames of profiles, while the tmp directory lists names of uploaded attachments.

Recommendations For NOCC Webmail version 1.0, restrict access to the profiles and tmp directories to prevent information leakage. As a temporary workaround, consider disabling direct access to these directories until a more permanent solution is available.