CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1:*:*:*:*:*:*:*
cpe:2.3:a:icewarp:web_mail:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:merak:mail_server:8.3.0r:*:*:*:*:*:*:*

History

21 Nov 2024, 00:04

Type Values Removed Values Added
References () http://marc.info/?l=full-disclosure&m=113570229524828&w=2 - () http://marc.info/?l=full-disclosure&m=113570229524828&w=2 -
References () http://secunia.com/advisories/17046 - Exploit, Patch, Vendor Advisory () http://secunia.com/advisories/17046 - Exploit, Patch, Vendor Advisory
References () http://secunia.com/advisories/17865 - () http://secunia.com/advisories/17865 -
References () http://secunia.com/secunia_research/2005-62/advisory/ - Exploit, Vendor Advisory () http://secunia.com/secunia_research/2005-62/advisory/ - Exploit, Vendor Advisory
References () http://securitytracker.com/id?1015412 - () http://securitytracker.com/id?1015412 -
References () http://www.osvdb.org/22080 - () http://www.osvdb.org/22080 -
References () http://www.osvdb.org/22081 - () http://www.osvdb.org/22081 -
References () http://www.securityfocus.com/archive/1/420255/100/0/threaded - () http://www.securityfocus.com/archive/1/420255/100/0/threaded -
References () http://www.securityfocus.com/bid/16069 - Exploit () http://www.securityfocus.com/bid/16069 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/23904 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/23904 -

Information

Published : 2005-12-28 11:03

Updated : 2024-11-21 00:04


NVD link : CVE-2005-4558

Mitre link : CVE-2005-4558

CVE.ORG link : CVE-2005-4558


JSON object : View

Products Affected

icewarp

  • web_mail

deerfield

  • visnetic_mail_server

merak

  • mail_server