Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2005-4558
HistoryDec 28, 2005 - 11:03 a.m.

CVE-2005-4558

2005-12-2811:03:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
35
cve-2005-4558
icewarp
web mail
merak mail server
visnetic mail server
security vulnerability
php code
language parameter

6.5 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.118 Low

EPSS

Percentile

95.2%

JSON

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.

Related

cve 1
prion 1
openvas 2
nessus 1
cve
cve
CVE-2006-0818
2006-07-21 14:03:00
prion
prion
Directory traversal
2006-07-21 14:03:00
openvas
openvas
VisNetic / Merak Mail Server multiple flaws
2006-03-26 00:00:00
VisNetic / Merak Mail Server multiple flaws
2006-03-26 00:00:00
nessus
nessus
VisNetic / Merak Mail Server Multiple Remote Vulnerabilities
2005-12-28 00:00:00

6.5 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.118 Low

EPSS

Percentile

95.2%

JSON
Related for CVE-2005-4558
cve1prion1openvas2nessus1