Every CVE whose affected-product data names Icewarp Web Mail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2005-4556 — CVSS 7.5 (high): PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0…
CVE-2002-0258 — CVSS 7.5 (high): Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote…
CVE-2004-1673 — CVSS 7.5 (high): accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to…
CVE-2004-1674 — CVSS 7.5 (high): viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete…
CVE-2004-1670 — CVSS 7.5 (high): Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote…
CVE-2004-1672 — CVSS 7.5 (high): attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other…
CVE-2005-0322 — CVSS 7.2 (high): MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1)…
CVE-2005-4558 — CVSS 6.5 (medium): IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict…
CVE-2005-1489 — CVSS 5.0 (medium): Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of…
CVE-2004-1671 — CVSS 5.0 (medium): Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a…
CVE-2005-0320 — CVSS 5.0 (medium): Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject…
CVE-2005-3132 — CVSS 5.0 (medium): MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive…
CVE-2005-3133 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows…
CVE-2005-4557 — CVSS 5.0 (medium): dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows…
CVE-2005-4559 — CVSS 5.0 (medium): mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not…
CVE-2006-0817 — CVSS 5.0 (medium): Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b)…
CVE-2005-1491 — CVSS 4.6 (medium): Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html…
CVE-2004-1669 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote…
CVE-2006-2484 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web…
CVE-2002-1899 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML…
CVE-2005-3131 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions…
CVE-2006-0818 — CVSS 4.0 (medium): Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2)…
CVE-2005-0321 — CVSS 2.1 (low): MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to…
CVE-2005-1490 — CVSS 2.1 (low): Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to…
CVE-2005-1488 — CVSS 1.9 (low): Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users…