VYPR
Unrated severityNVD Advisory· Published Sep 10, 2004· Updated Jun 16, 2026

CVE-2004-1670

CVE-2004-1670

Description

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • IceWarp/WebMail4 versions
    cpe:2.3:a:icewarp:web_mail:3.3.2:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:icewarp:web_mail:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:icewarp:web_mail:5.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:icewarp:web_mail:5.2.8:*:*:*:*:*:*:*
    • (no CPE)range: =5.2.7
  • Merak/Mail Server2 versions
    cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*
    • (no CPE)range: =7.4.5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.