CVE-2005-4558

Published: 28/12/2005 Updated: 19/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.

Vulnerable Product

merak mail server 8.3.0r

deerfield visnetic mail server 8.3.0_build1

icewarp web mail 5.5.1

Exploits

source: www.securityfocus.com/bid/16069/info

IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can exploit these issues to include arbitrary local or remote files containing malicious PH ...