Icewarp - Web Mail CVE - OpenCVE

Filtered by vendor Icewarp Subscriptions

Filtered by product Web Mail Subscriptions

Total 25 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2005-4557	3 Deerfield, Icewarp, Merak	3 Visnetic Mail Server, Web Mail, Mail Server	2025-04-03	N/A
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
CVE-2005-3133	2 Icewarp, Merak	2 Web Mail, Mail Server	2025-04-03	N/A
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
CVE-2004-1669	2 Icewarp, Merak	2 Web Mail, Mail Server	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.
CVE-2004-1674	2 Icewarp, Merak	2 Web Mail, Mail Server	2025-04-03	N/A
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
CVE-2005-0321	2 Icewarp, Merak	2 Web Mail, Mail Server	2025-04-03	N/A
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.

« first previous Page 2 of 2.