Published: 28/12/2005 Updated: 19/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote malicious users to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
merak mail server 8.3.0r
deerfield visnetic mail server 8.3.0_build1
icewarp web mail 5.5.1

source: wwwsecurityfocuscom/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP ...

source: wwwsecurityfocuscom/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP co ...

NVD-CWE-Other http://secunia.com/secunia_research/2005-62/advisory/http://www.securityfocus.com/bid/16069 http://secunia.com/advisories/17046 http://secunia.com/advisories/17865 http://securitytracker.com/id?1015412 http://www.osvdb.org/22077 http://www.osvdb.org/22078 http://marc.info/?l=full-disclosure&m=113570229524828&w=2 http://www.securityfocus.com/archive/1/420255/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/26980/

CVE-2005-4556

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect