CVE-2021-36580
https://notcve.org/view.php?id=CVE-2021-36580
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com http://mail.ziyan.com https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-14066
https://notcve.org/view.php?id=CVE-2020-14066
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos JavaScript que son peligrosos para que los clientes accedan • https://github.com/pinpinsec/CVE-2020-14066 https://github.com/networksecure/CVE-2020-14066 https://github.com/networksecure/icewarp_insecure_permissions https://www.icewarp.com/download-premise/server • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-14065
https://notcve.org/view.php?id=CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos y consumir espacio en disco • https://github.com/pinpinsec/CVE-2020-14065 https://github.com/networksecure/CVE-2020-14065 https://github.com/networksecure/icewarp_unlimited_file_upload https://www.icewarp.com/download-premise/server • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-14064
https://notcve.org/view.php?id=CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. IceWarp Email Server versión 12.3.0.1, presenta un Control de Acceso Incorrecto para las cuentas de usuario • https://github.com/networksecure/CVE-2020-14064 https://github.com/networksecure/Icewarp_incorrect_access_control https://www.icewarp.com/download-premise/server • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2008-2049
https://notcve.org/view.php?id=CVE-2008-2049
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. El servidor POP3 (EPSTPOP3S.EXE) 4.22 en E-Post Mail Server 4.10 permite a atacantes remotos conseguir información sensible a través de múltiples comandos APOP manipulados para una cuenta POP3 conocida, la cual mostrará la contraseña en un mensaje de error del POP3. • http://secunia.com/advisories/29990 http://vuln.sg/epostmailserver410-en.html http://www.e-postinc.jp/Mail_Server.html http://www.securityfocus.com/bid/28951 http://www.securitytracker.com/id?1019930 http://www.vupen.com/english/advisories/2008/1389/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •