Multiple Vulnerabilities In Merak Webmail / IceWarp Web Mail Network Vulnerability

Summary

The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less - <http://www.MerakMailServer.com/>. This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities.

Solution

Upgrade to Merak Webmail / IceWarp Web Mail 5.2.8 or Merak Mail Server 7.5.2 or later.

Severity

Classification

CVE CVE-2004-1719, CVE-2004-1720, CVE-2004-1721, CVE-2004-1722

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Astium VoIP PBX SQL Injection Vulnerability
AWCM CMS Multiple Remote File Include Vulnerabilities
Acidcat CMS Multiple Vulnerabilities
Apple Safari RSS Feed Information Disclosure Vulnerability
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities

Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail

Take action and discover your vulnerabilities