Mail Server
Approved changes feed: RSS · Atom
cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Icewarp (c8030f23-957a-58b4-8b02-23bd6cb49d34) |
|---|---|
| Product | Mail Server (78879462-47f8-5f95-a8d9-2e9132ea0594) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-36580 |
vulnerable | 2026-06-03 14:44:58.971715 |
Details available
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
Published: 2023-07-27T00:00:00.000Z
Updated: 2024-10-23T13:05:42.286Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19266 |
vulnerable | 2026-06-03 14:40:04.198198 |
Details available
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Published: 2020-01-06T00:00:39.000Z
Updated: 2024-08-05T02:09:39.569Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19265 |
vulnerable | 2026-06-03 14:40:04.197812 |
Details available
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
Published: 2020-01-06T00:09:20.000Z
Updated: 2024-08-05T02:09:39.609Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12593 |
vulnerable | 2026-06-03 14:39:35.093398 |
Details available
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
Published: 2019-06-03T16:41:07.000Z
Updated: 2024-08-04T23:24:38.796Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16324 |
vulnerable | 2026-06-03 14:38:20.329291 |
Details available
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
Published: 2018-09-01T18:00:00.000Z
Updated: 2024-08-05T10:17:38.551Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-1503 |
vulnerable | 2026-06-03 14:34:39.598986 |
Details available
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
Published: 2018-05-08T20:00:00.000Z
Updated: 2024-08-06T04:47:16.957Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-3580 |
vulnerable | 2026-06-03 14:31:20.539980 |
Details available
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
Published: 2011-09-30T17:00:00.000Z
Updated: 2024-08-06T23:37:48.328Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-3579 |
vulnerable | 2026-06-03 14:31:20.529747 |
Details available
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Published: 2011-09-30T17:00:00.000Z
Updated: 2024-08-06T23:37:48.350Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.