Mail Server Security Vulnerabilities and Issues — Mail Server CVE List

Lucene search

MerakMail Server

8 matches found

CVE•added 2006/07/21 2:3 p.m.•52 views

CVE-2006-0817

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in acco...

5CVSS6.7AI score0.11153EPSS

CVE•added 2005/12/28 11:3 a.m.•47 views

CVE-2005-4557

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.

5CVSS6.7AI score0.04806EPSS

CVE•added 2005/10/04 10:2 p.m.•41 views

CVE-2005-3133

Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or othe...

5CVSS7.2AI score0.02929EPSS

CVE•added 2005/02/26 5:0 a.m.•38 views

CVE-2004-1720

The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web l...

5CVSS6.6AI score0.09092EPSS

CVE•added 2005/12/28 11:3 a.m.•38 views

CVE-2005-4559

mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to ac...

5CVSS6.7AI score0.05224EPSS

CVE•added 2005/10/04 10:2 p.m.•34 views

CVE-2005-3132

MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.

5CVSS6.2AI score0.00346EPSS

CVE•added 2005/02/26 5:0 a.m.•32 views

CVE-2004-1721

The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.

5CVSS6.8AI score0.01001EPSS

CVE•added 2005/05/11 4:0 a.m.•32 views

CVE-2005-1489

Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.

5CVSS6.6AI score0.00346EPSS