Vulnerabilities > CVE-2005-3133 - Directory Traversal vulnerability in IceWarp Web Mail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | ICEWARP_WEBMAIL_VULNS4.NASL |
description | The remote host is running IceWarp Web Mail - a webmail solution available for the Microsoft Windows platform. The remote version of this software is affected by a directory traversal vulnerability that may allow an attacker to retrieve arbitrary files on the system. Another input validation flaw allows an attacker to delete arbitrary files on the remote host. Note this flaw indicates IceWarp is vulnerable to cross-site scripting attacks too. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19784 |
published | 2005-09-30 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19784 |
title | IceWarp Web Mail Multiple Flaws (4) |
code |
|