Lucene search
K
IcewarpWeb Mail

25 matches found

CVE
CVE
added 2006/07/18 10:0 p.m.78 views

CVE-2006-0818

CVE-2006-0818 describes an absolute path directory traversal/remote file inclusion in IceWarp/Merak/VisNetic webmail that allows remote unauthenticated? Actually Secunia states remote access and authentication not required for some; the vulnerability is exploitable by authenticated or remote user...

4CVSS6.5AI score0.02052EPSS
Web
CVE
CVE
added 2006/07/18 11:0 p.m.66 views

CVE-2006-0817

CVE-2006-0817 is a directory traversal/remote file inclusion vulnerability in IceWarp Web Mail bundled with Merak/VisNetic Mail Server. The flaw stems from improper sanitization in the language/lang_settings parameters via the securepath function in accounts/inc/include.php and admin/inc/include....

5CVSS6.7AI score0.05452EPSS
Web
CVE
CVE
added 2005/12/28 11:0 a.m.64 views

CVE-2005-4558

CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...

6.5CVSS6.4AI score0.08328EPSS
Web
CVE
CVE
added 2005/02/20 5:0 a.m.62 views

CVE-2004-1669

CVE-2004-1669 describes a cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 when used with IceWarp Web Mail 5.2.7 (and possibly other versions). The issue allows remote attackers to run arbitrary HTML/JavaScript in a victim’s browser by supplying malicious input to (1) the User ...

4.3CVSS6.2AI score0.01177EPSS
CVE
CVE
added 2005/05/11 4:0 a.m.62 views

CVE-2005-1491

CVE-2005-1491 affects Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. The issue allows remote authenticated users to perform file operations: (1) move their home directory via viewaction.html and (2) move arbitrary files via the importaction.html importfile parameter. The root cause is a vul...

4.6CVSS6.8AI score0.00578EPSS
CVE
CVE
added 2005/10/04 4:0 a.m.62 views

CVE-2005-3133

Observation: CVE-2005-3133 describes multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 (and possibly earlier versions). The issues allow remote attackers to: (1) delete arbitrary files or directories via a relative path supplied to the id paramet...

5CVSS7.2AI score0.06114EPSS
CVE
CVE
added 2005/12/28 11:0 a.m.61 views

CVE-2005-4557

CVE-2005-4557 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue is a remote inclusion vulnerability: an attacker can cause the system to include arbitrary local files via a null byte (%00) in the lang parameter, likely due to a ...

5CVSS6.7AI score0.09482EPSS
Web
CVE
CVE
added 2005/12/28 11:0 a.m.60 views

CVE-2005-4556

CVE-2005-4556 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). When register_globals is on, remote attackers can exploit PHP remote file include via the lang_settings and language parameters in accounts/inc/include.php and admin/inc/include...

7.5CVSS6.6AI score0.1037EPSS
Web
CVE
CVE
added 2005/02/10 5:0 a.m.58 views

CVE-2005-0320

CVE-2005-0320 concerns multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0. The issues allow remote attackers to inject arbitrary web script or HTML via specific parameters: login.html (username), accountsettings_add.html (accountid), and calendar....

5CVSS6.1AI score0.02615EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.52 views

CVE-2004-1670

CVE-2004-1670 affects Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The vulnerability enables directory traversal: an attacker can create arbitrary directories by supplying .. in the user parameter to viewaction.html, and can rename arbitrary files by supplyin...

7.5CVSS7.1AI score0.0183EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.52 views

CVE-2004-1674

The CVE-2004-1674 entry concerns Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The vulnerability is in viewaction.html, where input parameters originalfolder and messageid enable remote attackers to perform file operations. Specifically, attackers can delete a...

7.5CVSS6.9AI score0.01549EPSS
CVE
CVE
added 2005/02/10 5:0 a.m.52 views

CVE-2005-0321

CVE-2005-0321 affects MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0. An authenticated remote user can cause information disclosure by requesting one of four calendar pages (calendar_d.html, calendar_m.html, calendar_w.html, calendar_y.html), which reveals the installation path. The issue is...

2.1CVSS6.2AI score0.00675EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.51 views

CVE-2002-1899

IceWarp Web Mail versions 3.3.3 and 3.4.5 are affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the Full Name (addressname) parameter. The connected sources confirm the affected product and the vulnerable input, but do n...

4.3CVSS6AI score0.01255EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.51 views

CVE-2004-1671

The CVE-2004-1671 entry describes an information disclosure in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The vulnerability allows remote attackers to gain sensitive information via direct requests to two web pages: accountsettings_add.html and topmenu.html...

5CVSS6.7AI score0.01566EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.51 views

CVE-2004-1673

The CVE-2004-1673 entry concerns Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The flaw allows remote attackers to create text files with arbitrary content via the accountid parameter in accountsettings_add.html, indicating insufficient input validation in the...

7.5CVSS6.9AI score0.01746EPSS
CVE
CVE
added 2005/05/11 4:0 a.m.51 views

CVE-2005-1490

CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2) : When the mailbox.dat file does not exist, remote authenticated users can determine whether a file exists by using the folder parameter to attachment.html. The affected components are Merak Mail Server 8.0.3 and Icewarp Web Mail...

2.1CVSS6.6AI score0.00585EPSS
CVE
CVE
added 2005/02/10 5:0 a.m.50 views

CVE-2005-0322

CVE-2005-0322 affects MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2. The issue is weak encryption in the configuration and data files (users.cfg, settings.cfg, users.dat, user.dat), which allows local users to extract stored passwords. T...

7.2CVSS6.7AI score0.0024EPSS
CVE
CVE
added 2005/05/11 4:0 a.m.49 views

CVE-2005-1488

Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 contains multiple cross-site scripting (XSS) vulnerabilities. Remote authenticated users can inject arbitrary web script or HTML through four input paths: (1) E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction....

1.9CVSS5.7AI score0.00273EPSS
CVE
CVE
added 2005/10/04 4:0 a.m.49 views

CVE-2005-3131

Summary (CVE-2005-3131) : Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 (and possibly earlier) allow remote attackers to inject arbitrary web script or HTML. The issues arise via the (1) id parameter to blank.html and (2) createdataCX ...

4.3CVSS5.9AI score0.03645EPSS
CVE
CVE
added 2005/12/28 11:0 a.m.49 views

CVE-2005-4559

CVE-2005-4559 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue lies in mail/include.html where default_layout and layout_settings are not properly initialized when an unrecognized HTTP_USER_AGENT is sent. This allows remote att...

5CVSS6.7AI score0.08596EPSS
Web
CVE
CVE
added 2002/05/03 4:0 a.m.46 views

CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static user session ID that does not change across sessions. This could allow remote attackers who obtain the session ID to elevate privileges as the targeted user (e.g., via IDs exposed in answers or forward URLs). Affected product: Merak Mail IceWarp Web Mail....

7.5CVSS7.3AI score0.01366EPSS
CVE
CVE
added 2005/10/04 4:0 a.m.46 views

CVE-2005-3132

CVE-2005-3132 affects MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 (and possibly earlier). The vulnerability allows remote attackers to obtain sensitive information by directly requesting bwlist_inc.html, causing an error message that reveals the path. Impact is partial confidentiality di...

5CVSS6.2AI score0.01373EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.45 views

CVE-2004-1672

CVE-2004-1672 affects Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions. A flaw in attachment.html allows remote attackers to view other users’ attachments by crafting an HTTP request that specifies a username and a message ID, enabling partial confidentiality loss (...

7.5CVSS6.7AI score0.01746EPSS
CVE
CVE
added 2005/05/11 4:0 a.m.44 views

CVE-2005-1489

CVE-2005-1489 concerns Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. The description states that remote authenticated users can obtain the server’s full path by making requests to calendar_addevent.html, calendar_event.html, or calendar_task.html. The available data include a CVSS v2 base ...

5CVSS6.6AI score0.01373EPSS
CVE
CVE
added 2006/05/19 11:0 p.m.41 views

CVE-2006-2484

CVE-2006-2484 affects IceWarp WebMail

4.3CVSS5.7AI score0.01226EPSS