cbcvebase.

Icewarp Web Mail vulnerabilities

24 known vulnerabilities affecting icewarp/web_mail.

Total CVEs
24
CISA KEV
0
Public exploits
7
Exploited in wild
4
Severity breakdown
HIGH6MEDIUM15LOW3

Vulnerabilities

Page 2 of 2
CVE-2005-3132P4MEDIUMCVSS 5.0v5.5.12005-10-04
CVE-2005-3132 [MEDIUM] CVE-2005-3132: MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote a MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.
nvd
CVE-2005-1488P4LOWCVSS 1.9v5.4.22005-05-11
CVE-2005-1488 [LOW] CVE-2005-1488: Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendar
nvd
CVE-2005-1490P4LOWCVSS 2.1v5.4.22005-05-11
CVE-2005-1490 [LOW] CVE-2005-1490: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allow Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
nvd
CVE-2005-0321P4LOWCVSS 2.1v5.3.02005-05-02
CVE-2005-0321 [LOW] CVE-2005-0321: MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensit MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
nvd
Icewarp Web Mail vulnerabilities | cvebase