Filtered by vendor Icewarp
Subscriptions
Filtered by product Mail Server
Subscriptions
Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-39700 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | ||||
CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 9.8 Critical |
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | ||||
CVE-2021-36580 | 1 Icewarp | 2 Icewarp Server, Mail Server | 2024-11-21 | 6.1 Medium |
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | ||||
CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
IceWarp 11.4.5.0 allows XSS via the language parameter. | ||||
CVE-2020-14066 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 8.8 High |
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | ||||
CVE-2020-14065 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.5 Medium |
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | ||||
CVE-2020-14064 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.5 Medium |
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | ||||
CVE-2019-19266 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 5.4 Medium |
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | ||||
CVE-2019-19265 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | ||||
CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | ||||
CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | ||||
CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | ||||
CVE-2017-12844 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | ||||
CVE-2015-1503 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | ||||
CVE-2011-3580 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | ||||
CVE-2011-3579 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. |
Page 1 of 1.