Remote Code Execution Vulnerability in Merak Mail Server and Icewarp Web Mail
CVE-2004-1673

Currently unrated

Key Information:

Vendor: Icewarp
Status: Web Mail
Vendor: CVE Published:; 12 October 2004

What is CVE-2004-1673?

The accountsettings_add.html file in Merak Mail Server 7.4.5 and Icewarp Web Mail 5.2.7 contains a critical flaw that enables remote attackers to create text files with arbitrary content by exploiting the accountid parameter. This security issue can lead to unauthorized access and manipulation of server data, posing significant risks to users and organizations relying on these systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17317

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=109483971420067&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/12789

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Feb 21, 2005
Vulnerability published
Oct 12, 2004

JSON