Filtered by vendor Icewarp
Subscribe
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | |||||
| CVE-2020-14066 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | |||||
| CVE-2020-14065 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | |||||
| CVE-2020-14064 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | |||||
| CVE-2019-19266 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | |||||
| CVE-2019-19265 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | |||||
| CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | |||||
| CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | |||||
| CVE-2017-7855 | 1 Icewarp | 1 Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | |||||
| CVE-2017-12844 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | |||||
| CVE-2015-1503 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | |||||
| CVE-2011-3580 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | |||||
| CVE-2011-3579 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.4 MEDIUM | N/A |
| server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | |||||
| CVE-2010-5340 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | |||||
| CVE-2010-5339 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | |||||
| CVE-2010-5335 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | |||||