CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2019-19266 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19266
03 Jan 2020 — IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. IceWarp WebMail Server versión 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 2 de 2) en notas para objetos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/155826 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-19265 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19265
02 Jan 2020 — IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. IceWarp WebMail Server versiones 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 1 de 2) en notas para contactos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability in notes for contacts. • https://packetstorm.news/files/id/155814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 75%CPEs: 1EXPL: 3CVE-2019-12593 – IceWarp 10.4.4 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2019-12593
03 Jun 2019 — IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. En IceWarp Mail Server hasta la versión 10.4.4 un salto de directorio permite una vulnerabilidad de inclusión de archivos locales mediante webmail / calendar / minimizer / index.php? Style = ..% 5c IceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability. • https://packetstorm.news/files/id/153161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16324
https://notcve.org/view.php?id=CVE-2018-16324
01 Sep 2018 — In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. En IceWarp Server en versiones 12.0.3.1 y anteriores, hay Cross-Site Scripting (XSS) en el campo username en /webmail/. • https://cxsecurity.com/issue/WLB-2018080098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-7475
https://notcve.org/view.php?id=CVE-2018-7475
30 Jun 2018 — Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en las URI webdav/ticket/ en IceWarp Mail Server 12.0.3 permite que atacantes remotos autenticados inyecten scripts web o HTLM. • https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 91%CPEs: 1EXPL: 4CVE-2015-1503 – IceWarp Mail Server < 11.1.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-1503
04 May 2018 — Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. Múltiples vulnerabilidades de salto de directorio en IceWarp Mail Server en versiones anteriores a la 11.2 permiten que atacantes remotos lean archivos arbitrarios median... • https://packetstorm.news/files/id/147505 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12844
https://notcve.org/view.php?id=CVE-2017-12844
23 Aug 2017 — Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. Una vulnerabilidad Cross-Site Scripting (XSS) en en panel de administrador en IceWarp Mail Server 10.4.4 permite que administradores del dominio remotos autenticados inyecten scripts web o HTLM arbitrarios mediante un nombre de usuario manipulado. • https://youtu.be/MI4dhEia1d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 16%CPEs: 20EXPL: 4CVE-2011-3579 – IceWarp Mail Server 10.3.2 server/webmail.php Soap Message Parsing - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2011-3579
30 Sep 2011 — server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. server/webmail.php en IceWarp WebMail en el servidor de correo IceWarp anteriores a v10.3.3 permite a atacantes remotos leer ficheros arbitrarios, y posiblemente enviar peticiones HTTP a los servid... • https://www.exploit-db.com/exploits/36165 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 3CVE-2011-3580
https://notcve.org/view.php?id=CVE-2011-3580
30 Sep 2011 — IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. IceWarp WebMail en el servidor de correo IceWarp anterirores a v10.3.3 permite a atacantes remotos obtener información de configuración a través de una petición directa a la URI /server, lo que provoca una llamada a la función phpinfo. • http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2009-1516 – Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1516
04 May 2009 — Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method. Desbordamiento de búfer en el control ActiveX en IceWarpServer.APIObject en api.dll en IceWarp Merak Mail Server v9.4.1, permite a atacantes, dependiendo del co... • https://www.exploit-db.com/exploits/8542 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •