Page 4 of 45 results (0.012 seconds)

CVSS: 6.4EPSS: 2%CPEs: 20EXPL: 4

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. server/webmail.php en IceWarp WebMail en el servidor de correo IceWarp anteriores a v10.3.3 permite a atacantes remotos leer ficheros arbitrarios, y posiblemente enviar peticiones HTTP a los servidores de la intranet o causar una denegación de servicio (Agotamiento de CPU y de memoria), a través de una entidad externa XML declaración en relación con una referencia de entidad. IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/36165 http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html http://securityreason.com/securityalert/8404 http://securitytracker.com/id?1026093 http://www.osvdb.org/75721 http://www.securityfocus.com/bid/49753 https://exchange.xforce.ibmcloud.com/vulnerabilities/70025 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 3%CPEs: 20EXPL: 3

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. IceWarp WebMail en el servidor de correo IceWarp anterirores a v10.3.3 permite a atacantes remotos obtener información de configuración a través de una petición directa a la URI /server, lo que provoca una llamada a la función phpinfo. IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html http://securityreason.com/securityalert/8404 http://securitytracker.com/id?1026093 http://www.osvdb.org/75722 http://www.securityfocus.com/bid/49753 https://exchange.xforce.ibmcloud.com/vulnerabilities/70026 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. El servidor POP3 (EPSTPOP3S.EXE) 4.22 en E-Post Mail Server 4.10 permite a atacantes remotos conseguir información sensible a través de múltiples comandos APOP manipulados para una cuenta POP3 conocida, la cual mostrará la contraseña en un mensaje de error del POP3. • http://secunia.com/advisories/29990 http://vuln.sg/epostmailserver410-en.html http://www.e-postinc.jp/Mail_Server.html http://www.securityfocus.com/bid/28951 http://www.securitytracker.com/id?1019930 http://www.vupen.com/english/advisories/2008/1389/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 5

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556. Vulnerabilidad de salto de directorio absoluto en (a) MERAK Mail Server para Windows 8.3.8r con anteriores IceWarp Web Mail 5.6.1 y (b) VisNetic MailServer anterior a 8.5.0.5 permite a atacantes remotos incluir archivos de su elección a través de una ruta completa de Windows y controlador de cartas en el parámetro (1) language en accounts/inc/include.php y (2) parámetro lang_settings en admin/inc/include.php, lo cual no es desinfectado por la función securepath, un asunto relacionado con CVE-2005-4556. • http://secunia.com/advisories/18953 http://secunia.com/advisories/18966 http://secunia.com/secunia_research/2006-12/advisory http://secunia.com/secunia_research/2006-14/advisory http://securitytracker.com/id?1016513 http://securitytracker.com/id?1016514 http://www.osvdb.org/27328 http://www.securityfocus.com/archive/1/440297/100/0/threaded http://www.securityfocus.com/archive/1/440302/100/0/threaded http://www.securityfocus.com/bid/19002 http://www.securityfocus.com/bid •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 5

Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558. Vulnerabilidad de salto de directorio de ruta absoluta en (1) MERAK Mail Server para Windows 8.3.8r con anteriores IceWarp Web Mail 5.6.1 y (2) VisNetic MailServer anterior a 8.5.0.5 permite a usuarios remotos validados incluir archivos de su elección a través del parámetro language modificado y un nombre de ruta completo Windows o UNC en el parámetro lang_settings en mail/index.html, lo cual no es saneadoo de forma adecuada por la función PHP validatefolder, posiblemente debido a una solución incompleta para CVE-2005-4558. • http://secunia.com/advisories/18953 http://secunia.com/advisories/18966 http://secunia.com/secunia_research/2006-12/advisory http://secunia.com/secunia_research/2006-14/advisory http://securitytracker.com/id?1016513 http://securitytracker.com/id?1016514 http://www.securityfocus.com/archive/1/440297/100/0/threaded http://www.securityfocus.com/archive/1/440302/100/0/threaded http://www.securityfocus.com/bid/19002 http://www.securityfocus.com/bid/19007 http://www.vupen.com •