Page 2 of 9 results (0.009 seconds)

CVSS: 7.8EPSS: 90%CPEs: 1EXPL: 3

Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. Múltiples vulnerabilidades de salto de directorio en IceWarp Mail Server en versiones anteriores a la 11.2 permiten que atacantes remotos lean archivos arbitrarios mediante (1) un .. (punto punto) en el parámetro file en una página webmail/client/skins/default/css/css.php o .../. • https://www.exploit-db.com/exploits/44587 http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.4EPSS: 2%CPEs: 20EXPL: 4

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. server/webmail.php en IceWarp WebMail en el servidor de correo IceWarp anteriores a v10.3.3 permite a atacantes remotos leer ficheros arbitrarios, y posiblemente enviar peticiones HTTP a los servidores de la intranet o causar una denegación de servicio (Agotamiento de CPU y de memoria), a través de una entidad externa XML declaración en relación con una referencia de entidad. IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/36165 http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html http://securityreason.com/securityalert/8404 http://securitytracker.com/id?1026093 http://www.osvdb.org/75721 http://www.securityfocus.com/bid/49753 https://exchange.xforce.ibmcloud.com/vulnerabilities/70025 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 3%CPEs: 20EXPL: 3

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. IceWarp WebMail en el servidor de correo IceWarp anterirores a v10.3.3 permite a atacantes remotos obtener información de configuración a través de una petición directa a la URI /server, lo que provoca una llamada a la función phpinfo. IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html http://securityreason.com/securityalert/8404 http://securitytracker.com/id?1026093 http://www.osvdb.org/75722 http://www.securityfocus.com/bid/49753 https://exchange.xforce.ibmcloud.com/vulnerabilities/70026 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0070.html http://www.iss.net/security_center/static/10601.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •