Web Mail Security Vulnerabilities and Issues — Web Mail CVE List

Lucene search

IcewarpWeb Mail

8 matches found

CVE•added 2006/07/21 2:3 p.m.•52 views

CVE-2006-0817

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in acco...

5CVSS6.7AI score0.11153EPSS

CVE•added 2005/12/28 11:3 a.m.•47 views

CVE-2005-4557

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.

5CVSS6.7AI score0.04806EPSS

CVE•added 2005/02/10 5:0 a.m.•43 views

CVE-2005-0320

Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) l...

5CVSS6.1AI score0.02944EPSS

CVE•added 2005/10/04 10:2 p.m.•41 views

CVE-2005-3133

Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or othe...

5CVSS7.2AI score0.02929EPSS

CVE•added 2005/02/20 5:0 a.m.•39 views

CVE-2004-1671

Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.

5CVSS6.7AI score0.00457EPSS

CVE•added 2005/12/28 11:3 a.m.•38 views

CVE-2005-4559

mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to ac...

5CVSS6.7AI score0.05224EPSS

CVE•added 2005/10/04 10:2 p.m.•34 views

CVE-2005-3132

MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.

5CVSS6.2AI score0.00346EPSS

CVE•added 2005/05/11 4:0 a.m.•32 views

CVE-2005-1489

Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.

5CVSS6.6AI score0.00346EPSS