CVE-2022-35115
https://notcve.org/view.php?id=CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
• https://support.icewarp.com/hc/en-us/community/posts/4419283857297-DC2-Update-2-Build-10-13-0-2-10-
• https://veysel-xan.com/CVE-2022-35115.txt
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-25925
https://notcve.org/view.php?id=CVE-2020-25925
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
• https://ashketchum.medium.com/cross-site-scripting-xss-in-webmail-calender-in-icewarp-webclient-cve-2020-25925-67e1cbc40bd9
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-27982 – Icewarp WebMail 11.4.5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-27982
IceWarp 11.4.5.0 allows XSS via the language parameter. IceWarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability.
• http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
• https://cxsecurity.com/issue/WLB-2020100161
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14066
https://notcve.org/view.php?id=CVE-2020-14066
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
• https://github.com/pinpinsec/CVE-2020-14066
• https://github.com/networksecure/CVE-2020-14066
• https://github.com/networksecure/icewarp_insecure_permissions
• https://www.icewarp.com/download-premise/server
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2020-14065
https://notcve.org/view.php?id=CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
• https://github.com/pinpinsec/CVE-2020-14065
• https://github.com/networksecure/CVE-2020-14065
• https://github.com/networksecure/icewarp_unlimited_file_upload
• https://www.icewarp.com/download-premise/server
• CWE-434: Unrestricted Upload of File with Dangerous Type