Page 6 of 42 results (0.015 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message. • http://marc.info/?l=bugtraq&m=112810385104168&w=2 http://secunia.com/advisories/17046 http://www.vupen.com/english/advisories/2005/1933 •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2

Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html. • https://www.exploit-db.com/exploits/26313 http://marc.info/?l=bugtraq&m=112810385104168&w=2 http://secunia.com/advisories/17046 http://www.securityfocus.com/bid/14986 http://www.securityfocus.com/bid/14988 http://www.vupen.com/english/advisories/2005/1933 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html. • http://marc.info/?l=bugtraq&m=111530933016434&w=2 http://secunia.com/advisories/15249 https://exchange.xforce.ibmcloud.com/vulnerabilities/20472 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html. • http://marc.info/?l=bugtraq&m=111530933016434&w=2 http://secunia.com/advisories/15249 https://exchange.xforce.ibmcloud.com/vulnerabilities/20469 •

CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html. • http://marc.info/?l=bugtraq&m=111530933016434&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/20467 •