Vulnerabilities > CVE-2004-1720 - Multiple vulnerability in Merak Mail Server 7.4.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Merak Mail Server 7.4.5 address.html Path Disclosure. CVE-2004-1720. Webapps exploit for php platform |
id | EDB-ID:24381 |
last seen | 2016-02-02 |
modified | 2004-07-17 |
published | 2004-07-17 |
reporter | Criolabs |
source | https://www.exploit-db.com/download/24381/ |
title | Merak Mail Server 7.4.5 address.html Path Disclosure |
Nessus
NASL family | CGI abuses |
NASL id | MERAK_MULTIPLE_VULNS.NASL |
description | The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14379 |
published | 2004-08-26 |
reporter | This script is Copyright (C) 2004-2018 George A. Theall |
source | https://www.tenable.com/plugins/nessus/14379 |
title | Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities |
code |
|
References
- http://marc.info/?l=bugtraq&m=109279057326044&w=2
- http://packetstormsecurity.nl/0408-exploits/merak527.txt
- http://secunia.com/advisories/12269
- http://securitytracker.com/id?1010969
- http://www.osvdb.org/9043
- http://www.securityfocus.com/bid/10966
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17027