CVE-2005-0321
https://notcve.org/view.php?id=CVE-2005-0321
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. • http://marc.info/?l=bugtraq&m=110693950205007&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19152 •
CVE-2004-1674
https://notcve.org/view.php?id=CVE-2004-1674
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter. • http://marc.info/?l=bugtraq&m=109483971420067&w=2 http://secunia.com/advisories/12789 http://www.securityfocus.com/bid/11371 https://exchange.xforce.ibmcloud.com/vulnerabilities/17976 •
CVE-2004-1669
https://notcve.org/view.php?id=CVE-2004-1669
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html. • http://marc.info/?l=bugtraq&m=109483971420067&w=2 http://secunia.com/advisories/12789 http://www.securityfocus.com/bid/11371 https://exchange.xforce.ibmcloud.com/vulnerabilities/17313 •
CVE-2004-1670
https://notcve.org/view.php?id=CVE-2004-1670
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. • http://marc.info/?l=bugtraq&m=109483971420067&w=2 http://secunia.com/advisories/12789 http://www.securityfocus.com/bid/11371 https://exchange.xforce.ibmcloud.com/vulnerabilities/17314 •
CVE-2004-1719 – Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1719
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. • https://www.exploit-db.com/exploits/24377 https://www.exploit-db.com/exploits/24379 https://www.exploit-db.com/exploits/24378 https://www.exploit-db.com/exploits/24380 http://marc.info/?l=bugtraq&m=109279057326044&w=2 http://packetstormsecurity.nl/0408-exploits/merak527.txt http://secunia.com/advisories/12269 http://securitytracker.com/id?1010969 http://www.osvdb.org/9037 http://www.osvdb.org/9038 http://www.osvdb.org/9039 http://www.osvdb.org/9040 http: •