Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icewarp webmail server vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-16324
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
Icewarp Mail Server
785
VMScore
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server prior to 11.2 allow remote malicious users to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) scrip...
Icewarp Mail Server
1 EDB exploit
383
VMScore
CVE-2017-7855
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
Icewarp Server 11.3.1.5
505
VMScore
CVE-2005-4557
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote malicious users to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulner...
Merak Mail Server 8.3.0r
Deerfield Visnetic Mail Server 8.3.0 Build1
Icewarp Web Mail 5.5.1
1 EDB exploit
505
VMScore
CVE-2005-4559
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows rem...
Merak Mail Server 8.3.0r
Deerfield Visnetic Mail Server 8.3.0 Build1
Icewarp Web Mail 5.5.1
1 EDB exploit
505
VMScore
CVE-2019-12593
IceWarp Mail Server up to and including 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
Icewarp Mail Server
1 EDB exploit
312
VMScore
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Icewarp Mail Server
383
VMScore
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
Icewarp Mail Server
383
VMScore
CVE-2008-5734
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote malicious users to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
Icewarp Merak Mail Server 9.3.2
NA
CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) exists to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Icewarp Webclient Dc2 13.0.2.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2