Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icewarp vulnerabilities and exploits
(subscribe to this query)
785
VMScore
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server prior to 11.2 allow remote malicious users to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) scrip...
Icewarp Mail Server
1 EDB exploit
NA
CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the mid parameter.
Icewarp Webclient 10.2.1
383
VMScore
CVE-2017-7855
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
Icewarp Server 11.3.1.5
383
VMScore
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
Icewarp Mail Server
312
VMScore
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Icewarp Mail Server
505
VMScore
CVE-2019-12593
IceWarp Mail Server up to and including 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
Icewarp Mail Server
1 EDB exploit
641
VMScore
CVE-2005-0322
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.
Icewarp Web Mail 5.3.0
Icewarp Web Mail 5.3.2
Merak Mail Server 7.6.0
Merak Mail Server 7.6.4r
357
VMScore
CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
Icewarp Mail Server 12.3.0.1
3 Github repositories
357
VMScore
CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote malicious users to upload files and consume disk space.
Icewarp Mail Server 12.3.0.1
3 Github repositories
NA
CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) exists to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Icewarp Webclient Dc2 13.0.2.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »