6 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com http://mail.ziyan.com https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos JavaScript que son peligrosos para que los clientes accedan • https://github.com/pinpinsec/CVE-2020-14066 https://github.com/networksecure/CVE-2020-14066 https://github.com/networksecure/icewarp_insecure_permissions https://www.icewarp.com/download-premise/server • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos y consumir espacio en disco • https://github.com/pinpinsec/CVE-2020-14065 https://github.com/networksecure/CVE-2020-14065 https://github.com/networksecure/icewarp_unlimited_file_upload https://www.icewarp.com/download-premise/server • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. IceWarp Email Server versión 12.3.0.1, presenta un Control de Acceso Incorrecto para las cuentas de usuario • https://github.com/networksecure/CVE-2020-14064 https://github.com/networksecure/Icewarp_incorrect_access_control https://www.icewarp.com/download-premise/server • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. El servidor POP3 (EPSTPOP3S.EXE) 4.22 en E-Post Mail Server 4.10 permite a atacantes remotos conseguir información sensible a través de múltiples comandos APOP manipulados para una cuenta POP3 conocida, la cual mostrará la contraseña en un mensaje de error del POP3. • http://secunia.com/advisories/29990 http://vuln.sg/epostmailserver410-en.html http://www.e-postinc.jp/Mail_Server.html http://www.securityfocus.com/bid/28951 http://www.securitytracker.com/id?1019930 http://www.vupen.com/english/advisories/2008/1389/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •