CVSS: 5.0 • EPSS: 1% • CPEs: 3 • EXPL: 4

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability. • https://www.exploit-db.com/exploits/26981 http://marc.info/?l=full-disclosure&m=113570229524828&w=2 http://secunia.com/advisories/17046 http://secunia.com/advisories/17865 http://secunia.com/secunia_research/2005-62/advisory http://securitytracker.com/id?1015412 http://www.osvdb.org/22079 http://www.securityfocus.com/archive/1/420255/100/0/threaded http://www.securityfocus.com/bid/16069 https://exchange.xforce.ibmcloud.com/vulnerabilities/23897 •

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 1

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html http://marc.info/?l=bugtraq&m=105733894003737&w=2 http://www.krusesecurity.dk/advisories/vis0103.txt http://www.securityfocus.com/bid/8075 https://exchange.xforce.ibmcloud.com/vulnerabilities/12483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html http://www.securityfocus.com/bid/6364 https://exchange.xforce.ibmcloud.com/vulnerabilities/10840 • CWE-399: Resource Management Errors •

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents. • http://www.securityfocus.com/archive/1/251523 http://www.securityfocus.com/bid/3913 https://exchange.xforce.ibmcloud.com/vulnerabilities/7946 •

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. • http://archives.neohapsis.com/archives/bugtraq/2002-05/0178.html http://www.iss.net/security_center/static/9147.php http://www.securityfocus.com/bid/4783 •