Published: 28/12/2005 Updated: 19/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote malicious users to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
merak mail server 8.3.0r
deerfield visnetic mail server 8.3.0_build1
icewarp web mail 5.5.1

source: wwwsecurityfocuscom/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP ...

NVD-CWE-Other http://secunia.com/secunia_research/2005-62/advisory/http://www.securityfocus.com/bid/16069 http://secunia.com/advisories/17046 http://secunia.com/advisories/17865 http://securitytracker.com/id?1015412 http://www.osvdb.org/22079 http://marc.info/?l=full-disclosure&m=113570229524828&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/23897 http://www.securityfocus.com/archive/1/420255/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/26981/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-4557

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect