25 matches found
CVE-2006-0818
CVE-2006-0818 describes an absolute path directory traversal/remote file inclusion in IceWarp/Merak/VisNetic webmail that allows remote unauthenticated? Actually Secunia states remote access and authentication not required for some; the vulnerability is exploitable by authenticated or remote user...
CVE-2006-0817
CVE-2006-0817 is a directory traversal/remote file inclusion vulnerability in IceWarp Web Mail bundled with Merak/VisNetic Mail Server. The flaw stems from improper sanitization in the language/lang_settings parameters via the securepath function in accounts/inc/include.php and admin/inc/include....
CVE-2005-4558
CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...
CVE-2004-1669
CVE-2004-1669 describes a cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 when used with IceWarp Web Mail 5.2.7 (and possibly other versions). The issue allows remote attackers to run arbitrary HTML/JavaScript in a victim’s browser by supplying malicious input to (1) the User ...
CVE-2005-1491
CVE-2005-1491 affects Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. The issue allows remote authenticated users to perform file operations: (1) move their home directory via viewaction.html and (2) move arbitrary files via the importaction.html importfile parameter. The root cause is a vul...
CVE-2005-3133
Observation: CVE-2005-3133 describes multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 (and possibly earlier versions). The issues allow remote attackers to: (1) delete arbitrary files or directories via a relative path supplied to the id paramet...
CVE-2005-4557
CVE-2005-4557 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue is a remote inclusion vulnerability: an attacker can cause the system to include arbitrary local files via a null byte (%00) in the lang parameter, likely due to a ...
CVE-2005-4556
CVE-2005-4556 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). When register_globals is on, remote attackers can exploit PHP remote file include via the lang_settings and language parameters in accounts/inc/include.php and admin/inc/include...
CVE-2005-0320
CVE-2005-0320 concerns multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0. The issues allow remote attackers to inject arbitrary web script or HTML via specific parameters: login.html (username), accountsettings_add.html (accountid), and calendar....
CVE-2005-0321
CVE-2005-0321 affects MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0. An authenticated remote user can cause information disclosure by requesting one of four calendar pages (calendar_d.html, calendar_m.html, calendar_w.html, calendar_y.html), which reveals the installation path. The issue is...
CVE-2004-1670
CVE-2004-1670 affects Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The vulnerability enables directory traversal: an attacker can create arbitrary directories by supplying .. in the user parameter to viewaction.html, and can rename arbitrary files by supplyin...
CVE-2004-1674
The CVE-2004-1674 entry concerns Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The vulnerability is in viewaction.html, where input parameters originalfolder and messageid enable remote attackers to perform file operations. Specifically, attackers can delete a...
CVE-2002-1899
IceWarp Web Mail versions 3.3.3 and 3.4.5 are affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the Full Name (addressname) parameter. The connected sources confirm the affected product and the vulnerable input, but do n...
CVE-2004-1671
The CVE-2004-1671 entry describes an information disclosure in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The vulnerability allows remote attackers to gain sensitive information via direct requests to two web pages: accountsettings_add.html and topmenu.html...
CVE-2004-1673
The CVE-2004-1673 entry concerns Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 (and possibly other versions). The flaw allows remote attackers to create text files with arbitrary content via the accountid parameter in accountsettings_add.html, indicating insufficient input validation in the...
CVE-2005-1490
CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2) : When the mailbox.dat file does not exist, remote authenticated users can determine whether a file exists by using the folder parameter to attachment.html. The affected components are Merak Mail Server 8.0.3 and Icewarp Web Mail...
CVE-2005-0322
CVE-2005-0322 affects MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2. The issue is weak encryption in the configuration and data files (users.cfg, settings.cfg, users.dat, user.dat), which allows local users to extract stored passwords. T...
CVE-2005-1488
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 contains multiple cross-site scripting (XSS) vulnerabilities. Remote authenticated users can inject arbitrary web script or HTML through four input paths: (1) E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction....
CVE-2005-3131
Summary (CVE-2005-3131) : Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 (and possibly earlier) allow remote attackers to inject arbitrary web script or HTML. The issues arise via the (1) id parameter to blank.html and (2) createdataCX ...
CVE-2005-4559
CVE-2005-4559 affects IceWarp Web Mail 5.5.1 (as used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue lies in mail/include.html where default_layout and layout_settings are not properly initialized when an unrecognized HTTP_USER_AGENT is sent. This allows remote att...
CVE-2002-0258
Merak Mail IceWarp Web Mail uses a static user session ID that does not change across sessions. This could allow remote attackers who obtain the session ID to elevate privileges as the targeted user (e.g., via IDs exposed in answers or forward URLs). Affected product: Merak Mail IceWarp Web Mail....
CVE-2005-3132
CVE-2005-3132 affects MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 (and possibly earlier). The vulnerability allows remote attackers to obtain sensitive information by directly requesting bwlist_inc.html, causing an error message that reveals the path. Impact is partial confidentiality di...
CVE-2004-1672
CVE-2004-1672 affects Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions. A flaw in attachment.html allows remote attackers to view other users’ attachments by crafting an HTTP request that specifies a username and a message ID, enabling partial confidentiality loss (...
CVE-2005-1489
CVE-2005-1489 concerns Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. The description states that remote authenticated users can obtain the server’s full path by making requests to calendar_addevent.html, calendar_event.html, or calendar_task.html. The available data include a CVSS v2 base ...
CVE-2006-2484
CVE-2006-2484 affects IceWarp WebMail