Every CVE whose affected-product data names Merak Mail Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2004-1674 — CVSS 7.5 (high): viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete…
CVE-2002-0258 — CVSS 7.5 (high): Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote…
CVE-2005-4556 — CVSS 7.5 (high): PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0…
CVE-2004-1670 — CVSS 7.5 (high): Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote…
CVE-2004-1722 — CVSS 7.5 (high): SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the…
CVE-2005-0322 — CVSS 7.2 (high): MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1)…
CVE-2005-4558 — CVSS 6.5 (medium): IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict…
CVE-2005-1489 — CVSS 5.0 (medium): Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of…
CVE-2004-1720 — CVSS 5.0 (medium): The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information…
CVE-2004-1721 — CVSS 5.0 (medium): The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a…
CVE-2005-3132 — CVSS 5.0 (medium): MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive…
CVE-2005-3133 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows…
CVE-2005-4557 — CVSS 5.0 (medium): dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows…
CVE-2005-4559 — CVSS 5.0 (medium): mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not…
CVE-2006-0817 — CVSS 5.0 (medium): Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b)…
CVE-2005-1491 — CVSS 4.6 (medium): Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html…
CVE-2004-1669 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote…
CVE-2004-1719 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or…
CVE-2005-3131 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions…
CVE-2006-0818 — CVSS 4.0 (medium): Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2)…
CVE-2005-1490 — CVSS 2.1 (low): Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to…
CVE-2005-0321 — CVSS 2.1 (low): MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to…
CVE-2005-1488 — CVSS 1.9 (low): Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users…