dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote malicious users to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
merak mail server 8.3.0r |
||
deerfield visnetic mail server 8.3.0_build1 |
||
icewarp web mail 5.5.1 |