Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icewarp mail server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39699
IceWarp Mail Server v10.4.5 exists to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows malicious users to include or execute files from the local file system of the targeted server.
Icewarp Mail Server 10.4.5
NA
CVE-2023-39700
IceWarp Mail Server v10.4.5 exists to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
Icewarp Mail Server 10.4.5
4.3
CVSSv2
CVE-2020-27982
IceWarp 11.4.5.0 allows XSS via the language parameter.
Icewarp Mail Server 11.4.5
4
CVSSv2
CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
Icewarp Mail Server 12.3.0.1
3 Github repositories
4
CVSSv2
CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote malicious users to upload files and consume disk space.
Icewarp Mail Server 12.3.0.1
3 Github repositories
6.5
CVSSv2
CVE-2020-14066
IceWarp Email Server 12.3.0.1 allows remote malicious users to upload JavaScript files that are dangerous for clients to access.
Icewarp Mail Server 12.3.0.1
3 Github repositories
2.1
CVSSv2
CVE-2005-1490
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
Icewarp Web Mail 5.4.2
Merak Mail Server 8.0.3
2.1
CVSSv2
CVE-2005-0321
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
Merak Mail Server 7.6.0
Icewarp Web Mail 5.3.0
4.3
CVSSv2
CVE-2005-3131
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to...
Merak Mail Server 8.2.4r
Icewarp Web Mail 5.5.1
4 EDB exploits
5
CVSSv2
CVE-2005-3132
MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote malicious users to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.
Icewarp Web Mail 5.5.1
Merak Mail Server 8.2.4r
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »