Filtered by vendor Merak Subscriptions

Search

Switch to Advanced Search (Beta)
Total 25 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-1720 1 Merak 1 Mail Server 2025-04-03 N/A
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
CVE-2005-4557 3 Deerfield, Icewarp, Merak 3 Visnetic Mail Server, Web Mail, Mail Server 2025-04-03 N/A
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
CVE-2004-1721 1 Merak 1 Mail Server 2025-04-03 N/A
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
CVE-2006-0818 3 Deerfield, Icewarp, Merak 3 Visnetic Mail Server, Web Mail, Mail Server 2025-04-03 N/A
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.
CVE-2004-1722 1 Merak 1 Mail Server 2025-04-03 N/A
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.