Vulnerabilities > CVE-2004-1722 - Multiple vulnerability in Merak Mail Server 7.5.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection. CVE-2004-1722. Webapps exploit for php platform |
id | EDB-ID:24382 |
last seen | 2016-02-02 |
modified | 2004-07-17 |
published | 2004-07-17 |
reporter | Criolabs |
source | https://www.exploit-db.com/download/24382/ |
title | Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | MERAK_MULTIPLE_VULNS.NASL |
description | The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14379 |
published | 2004-08-26 |
reporter | This script is Copyright (C) 2004-2018 George A. Theall |
source | https://www.tenable.com/plugins/nessus/14379 |
title | Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities |
code |
|
References
- http://marc.info/?l=bugtraq&m=109279057326044&w=2
- http://packetstormsecurity.nl/0408-exploits/merak527.txt
- http://secunia.com/advisories/12269
- http://securitytracker.com/id?1010969
- http://www.osvdb.org/9044
- http://www.securityfocus.com/bid/10966
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17022