347 matches found
IceWarp Mail Server Path Traversal Vulnerability (CNVD-2019-36907)
IceWarp Mail Server is a mail server product from IceWarp USA. The product supports e-mail archiving, SmartAttach attachments, automatic migration, etc. IceWarp Webclient is a Web-based IceWarp client program. A path traversal vulnerability exists in IceWarp Webclient versions prior to 10.2.1. Th...
IceWarp Mail Server Cross-Site Scripting Vulnerability (CNVD-2019-36915)
IceWarp Mail Server is a mail server product from IceWarp USA. The product supports e-mail archiving, SmartAttach attachments, automatic migration, etc. IceWarp Webclient is a Web-based IceWarp client program. A cross-site scripting vulnerability exists in IceWarp Webclient versions prior to...
IceWarp Mail Server Path Traversal Vulnerability (CNVD-2019-36908)
IceWarp Mail Server is a mail server product from IceWarp USA. The product supports e-mail archiving, SmartAttach attachments, automatic migration, etc. IceWarp Webclient is a Web-based IceWarp client program. A path traversal vulnerability exists in IceWarp Webclient versions prior to 10.2.1. Th...
CVE-2010-5336
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0...
CVE-2010-5340
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0...
CVE-2010-5339
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchauid is non-persistent in 10.1.3 and 10.2.0...
CVE-2010-5337
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...
CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter script to basic/minimizer/index.php is not properly sanitised and can therefore be exploited t...
CVE-2010-5338
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchaaction is non-persistent in 10.1.3 and 10.2.0...
CVE-2010-5334
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter c to basic/index.html is not properly sanitised and can therefore be exploited to browse the...
Directory traversal
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter script to basic/minimizer/index.php is not properly sanitised and can therefore be exploited t...
Design/Logic Flaw
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchaaction is non-persistent in 10.1.3 and 10.2.0...
Design/Logic Flaw
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchauid is non-persistent in 10.1.3 and 10.2.0...
Design/Logic Flaw
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0...
Design/Logic Flaw
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...
Directory traversal
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter c to basic/index.html is not properly sanitised and can therefore be exploited to browse the...
CVE-2010-5334
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter c to basic/index.html is not properly sanitised and can therefore be exploited to browse the...
CVE-2010-5334
IceWarp Webclient before 10.2.1 contains a directory traversal vulnerability. Input passed via the _c parameter to basic/index.html is not properly sanitised, allowing reading arbitrary files on the IceWarp Mailserver or host OS. Affected: IceWarp Webclient prior to 10.2.1; impact described as po...
CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter script to basic/minimizer/index.php is not properly sanitised and can therefore be exploited t...
CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. The issue arises from inadequate sanitisation of input passed to a parameter in script to basic/minimizer/index.php, allowing an attacker to read arbitrary files on the IceWarp Mailserver or potentially the underlying OS. Mu...