Icewarp » Web Mail » 3.3.2 : Security Vulnerabilities, CVEs, CVSS score >= 7

cpe:2.3:a:icewarp:web_mail:3.3.2:*:*:*:*:*:*:*

CVE-2004-1674

viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2004-10-12
Updated
2017-07-11

CVE-2004-1673

accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2004-10-12
Updated
2017-07-11

CVE-2004-1672

attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
Max CVSS
7.5
EPSS Score
0.89%
Published
2004-10-12
Updated
2017-07-11

CVE-2004-1670

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
Max CVSS
7.5
EPSS Score
0.61%
Published
2004-09-10
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close