Published: 17/08/2004 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote malicious users to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.

Vulnerable Product	Search on Vulmon	Subscribe to Product
merak mail server 7.4.5

source: wwwsecurityfocuscom/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerability - A PHP source code disclosure vulnerability - An SQL injection vulnerabili ...

NVD-CWE-Other http://packetstormsecurity.nl/0408-exploits/merak527.txt http://www.securityfocus.com/bid/10966 http://www.osvdb.org/9043 http://secunia.com/advisories/12269 http://securitytracker.com/id?1010969 http://marc.info/?l=bugtraq&m=109279057326044&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17027 https://nvd.nist.gov https://www.exploit-db.com/exploits/24381/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1720

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect