Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Mail server'
2020-11-02
CVE-2020-27982
CWE-79
IceWarp 11.4.5.0 allows XSS via the language parameter.
2020-07-15
CVE-2020-14066
CWE-434
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
CVE-2020-14065
CWE-434
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
CVE-2020-14064
CWE-668
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
2020-01-06
CVE-2019-19265
CWE-79
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVE-2019-19266
CWE-79
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
2019-06-03
CVE-2019-12593
CWE-22
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
2018-09-01
CVE-2018-16324
CWE-79
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
2018-05-08
CVE-2015-1503
CWE-22
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
2017-08-23
CVE-2017-12844
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
Copyright
2024
, cxsecurity.com
Back to Top