VYPR

Server

by IceWarp

Source repositories

CVEs (27)

  • CVE-2017-7855MedAug 31, 2017
    risk 0.40cvss 6.1epss 0.02

    In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.

  • CVE-2017-12844MedAug 23, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.

  • CVE-2019-12593Jun 3, 2019
    risk 0.09cvss epss 0.41

    IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

  • CVE-2003-1192Nov 3, 2003
    risk 0.09cvss epss 0.69

    Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.

  • CVE-2020-8512Jan 31, 2020
    risk 0.06cvss epss 0.15

    In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.

  • CVE-2000-0507Jun 1, 2000
    risk 0.04cvss epss 0.07

    Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

  • CVE-2012-2593Feb 6, 2020
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.

  • CVE-2011-3579Sep 30, 2011
    risk 0.03cvss epss 0.05

    server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in…

  • CVE-2009-1469May 5, 2009
    risk 0.03cvss epss 0.05

    CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the…

  • CVE-2009-1468May 5, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an…

  • CVE-2009-1467May 5, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML…

  • CVE-2009-1516May 4, 2009
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly…

  • CVE-2023-39700Aug 24, 2023
    risk 0.01cvss epss 0.01

    IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

  • CVE-2021-36580Jul 27, 2023
    risk 0.01cvss epss 0.02

    Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.

  • CVE-2025-40632May 16, 2025
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.

  • CVE-2025-40631May 16, 2025
    risk 0.00cvss epss 0.00

    HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.

  • CVE-2025-40630May 16, 2025
    risk 0.00cvss epss 0.00

    Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “ https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e”…

  • CVE-2023-39699Aug 24, 2023
    risk 0.00cvss epss 0.01

    IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.

  • CVE-2020-14066Jul 15, 2020
    risk 0.00cvss epss 0.02

    IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

  • CVE-2020-14065Jul 15, 2020
    risk 0.00cvss epss 0.01

    IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.

Page 1 of 2