Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mail_server
(Icewarp)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 16 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-15 | CVE-2020-14064 | IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | Mail_server | N/A | ||
2018-06-30 | CVE-2018-7475 | Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | Mail_server | N/A | ||
2020-01-06 | CVE-2019-19266 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | Mail_server | N/A | ||
2020-01-06 | CVE-2019-19265 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | Mail_server | N/A | ||
2019-06-03 | CVE-2019-12593 | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | Mail_server | 7.5 | ||
2018-09-01 | CVE-2018-16324 | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | Mail_server | 6.1 | ||
2017-08-23 | CVE-2017-12844 | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | Mail_server | 4.8 | ||
2018-05-08 | CVE-2015-1503 | Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | Mail_server | 7.5 | ||
2011-09-30 | CVE-2011-3580 | IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | Mail_server | N/A | ||
2011-09-30 | CVE-2011-3579 | server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | Mail_server | N/A |