Search
Search Results (25 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1674 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | N/A |
| viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter. | ||||
| CVE-2005-1491 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | N/A |
| Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html. | ||||
| CVE-2002-0258 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | N/A |
| Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs. | ||||
| CVE-2005-3133 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html. | ||||
| CVE-2004-1721 | 1 Merak | 1 Mail Server | 2025-04-03 | N/A |
| The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000. | ||||