Page 3 of 43 results (0.005 seconds)

CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2

CVE-2019-12593 – IceWarp 10.4.4 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2019-12593

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. En IceWarp Mail Server hasta la versión 10.4.4 un salto de directorio permite una vulnerabilidad de inclusión de archivos locales mediante webmail / calendar / minimizer / index.php? Style = ..% 5c IceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/46959 http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-16324

https://notcve.org/view.php?id=CVE-2018-16324

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. En IceWarp Server en versiones 12.0.3.1 y anteriores, hay Cross-Site Scripting (XSS) en el campo username en /webmail/. • https://cxsecurity.com/issue/WLB-2018080098 https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-7475

https://notcve.org/view.php?id=CVE-2018-7475

Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en las URI webdav/ticket/ en IceWarp Mail Server 12.0.3 permite que atacantes remotos autenticados inyecten scripts web o HTLM. • https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475 https://www.youtube.com/watch?v=8_3Q80JrMm4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 90%CPEs: 1EXPL: 3

CVE-2015-1503 – IceWarp Mail Server < 11.1.1 - Directory Traversal

https://notcve.org/view.php?id=CVE-2015-1503

Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. Múltiples vulnerabilidades de salto de directorio en IceWarp Mail Server en versiones anteriores a la 11.2 permiten que atacantes remotos lean archivos arbitrarios mediante (1) un .. (punto punto) en el parámetro file en una página webmail/client/skins/default/css/css.php o .../. • https://www.exploit-db.com/exploits/44587 http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-7855

https://notcve.org/view.php?id=CVE-2017-7855

In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. El el componente webmail en IceWarp Server 11.3.1.5, existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el parámetro language. • https://technical.nttsecurity.com/post/102eegq/cookies-are-delicious • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •