RSS   Vulnerabilities for 'Mail server'   RSS

2018-05-08
 
CVE-2015-1503

CWE-22
 

 
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.

 
2017-08-23
 
CVE-2017-12844

 

 
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.

 
2011-09-30
 
CVE-2011-3580

CWE-200
 

 
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.

 
 
CVE-2011-3579

CWE-399
 

 
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.

 

 >>> Vendor: Icewarp 6 Products
Web mail
Merak mail server
Email server
Webmail server
Mail server
Server


Copyright 2018, cxsecurity.com

 

Back to Top