GCVE - cpe:2.3:a:icewarp:webmail_server:2.10.105:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:icewarp:webmail_server:2.10.105:*:*:*:*:*:*:*

part: a version: 2.10.105 update: *

Vendor	Icewarp (`c8030f23-957a-58b4-8b02-23bd6cb49d34`)
Product	Webmail Server (`75edc026-52a2-5d1f-9bc3-66e7b742fa50`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-1469`	vulnerable	2026-06-03 14:29:35.774723	Details available CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message. Published: 2009-05-05T20:00:00.000Z Updated: 2024-08-07T05:13:25.587Z Open on db.gcve.eu Reference links http://osvdb.org/54229 http://www.redteam-pentesting.de/advisories/rt-sa-2009-004 http://www.securityfocus.com/bid/34827 http://www.securityfocus.com/archive/1/503227/100/0/threaded http://www.vupen.com/english/advisories/2009/1253	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1468`	vulnerable	2026-06-03 14:29:35.770493	Details available Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. Published: 2009-05-05T20:00:00.000Z Updated: 2024-08-07T05:13:25.634Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/34820 http://www.securitytracker.com/id?1022169 http://www.vupen.com/english/advisories/2009/1253 http://osvdb.org/54228 http://www.redteam-pentesting.de/advisories/rt-sa-2009-003	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1467`	vulnerable	2026-06-03 14:29:35.717706	Details available Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php. Published: 2009-05-05T20:00:00.000Z Updated: 2024-08-07T05:13:25.568Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/50331 http://www.securityfocus.com/bid/34825 http://www.securitytracker.com/id?1022167 http://www.securityfocus.com/archive/1/503225/100/0/threaded http://www.redteam-pentesting.de/advisories/rt-sa-2009-001	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Webmail Server

PURL mappings

Vulnerability references

Contribute