Total vulnerabilities in the database
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
| Software | From | Fixed in |
|---|---|---|
| merak / mail_server | 7.4.5 | 7.4.5.x |
| icewarp / web_mail | 5.2.7 | 5.2.7.x |
| icewarp / web_mail | 5.2.8 | 5.2.8.x |
| icewarp / web_mail | 3.3.2 | 3.3.2.x |