CVSS: 5.0 | EPSS: 3% | CPEs: 20 | EXPL: 3

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities.
• http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html http://securityreason.com/securityalert/8404 http://securitytracker.com/id?1026093 http://www.osvdb.org/75722 http://www.securityfocus.com/bid/49753 https://exchange.xforce.ibmcloud.com/vulnerabilities/70026 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.
• https://www.exploit-db.com/exploits/8542 http://www.securityfocus.com/bid/34739
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
• http://blog.vijatov.com/index.php?itemid=11 http://osvdb.org/50885 http://secunia.com/advisories/32770 http://www.securityfocus.com/bid/32969 https://exchange.xforce.ibmcloud.com/vulnerabilities/47533
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.
• http://osvdb.org/37428 http://secunia.com/advisories/26877 http://www.mwrinfosecurity.com/publications/mwri_merak-webmail-xss-advisory_2008-09-17.pdf http://www.securityfocus.com/bid/25708 http://www.vupen.com/english/advisories/2007/3225
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 1% | CPEs: 3 | EXPL: 5

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with IceWarp Web Mail before 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.
• http://secunia.com/advisories/18953 http://secunia.com/advisories/18966 http://secunia.com/secunia_research/2006-12/advisory http://secunia.com/secunia_research/2006-14/advisory http://securitytracker.com/id?1016513 http://securitytracker.com/id?1016514 http://www.osvdb.org/27328 http://www.securityfocus.com/archive/1/440297/100/0/threaded http://www.securityfocus.com/archive/1/440302/100/0/threaded http://www.securityfocus.com/bid/19002 http://www.securityfocus.com/bid