15 matches found
EUVD-2019-8892
Malware in sbrugna...
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 1 of 2 in notes for contacts...
IceWarp Webmail Server color Cross-Site Scripting Vulnerability
IceWarp Webmail Server is a WEB mail server. IceWarp Webmail Server color handling suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to sensitive information or hijack...
CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...
CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...
CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...
IceWarp WebMail Server Cross-Site Scripting Vulnerability (CNVD-2020-02978)
IceWarp WebMail Server is a Web-based mail server product from the U.S. company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in object annotations in IceWarp WebMail Server version 12.2.0 and...
Cross site scripting
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 1 of 2 in notes for contacts...
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 are affected by a cross-site scripting vulnerability in notes for contacts. The root cause is lack of proper validation of client data by the WEB application, enabling attacker-supplied content (e.g., manipulated vCard) to execute JavaScrip...
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 are affected by a Cross‑Site Scripting (XSS) vulnerability in object notes. The root cause is lack of proper validation of client‑side data by the WEB application, allowing injected JavaScript to execute when notes are displayed to users....
IceWarp WebMail口令取回功能输入验证漏洞
BUGTRAQ ID: 34827 CVECAN ID: CVE-2009-1469 Merak Email Server是一个全面的办公室局域网或Internet通讯邮件解决方案。 Merak邮件服务器的WebMail模块在登陆页面提供了“忘记口令”取回功能,忘记了登录口令的用户可以在这里向邮件服务器提供他们的邮件地址,之后服务器检查系统中是否存在这个地址并将相关的用户口令发回到这个地址。 在点击Forgot Password页面的提交按键时,所发送的HTTP POST请求包含有类似于以下的负载:...
[RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component
Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in the IceWarp WebMail Server. Attackers that are in control of a user account for the web-based email and groupware components are able to execut...
IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities
Binary data 5019.prm...