CVE-2005-3133

MERAK Mail Server 8.2.4r - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3133. PoCs published by ShineShadow.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file deletion vulnerability in Merak Mail Server 8.2.4r due to improper input validation in the logout.html endpoint. The attacker can delete files by manipulating the 'id' parameter with relative paths or null-byte termination.

Description

Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ShineShadow · textwebappsphp
https://www.exploit-db.com/exploits/26313

This exploit demonstrates an arbitrary file deletion vulnerability in Merak Mail Server 8.2.4r due to improper input validation in the logout.html endpoint. The attacker can delete files by manipulating the 'id' parameter with relative paths or null-byte termination.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Merak Mail Server 8.2.4r
No auth needed
Prerequisites: Network access to the target server · Merak Mail Server web interface exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14988
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17046/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14986
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112810385104168&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1933

Scores

EPSS 0.0611
EPSS Percentile 92.5%

Details

Status published
Products (2)
icewarp/web_mail 5.5.1
merak/mail_server 8.2.4r
Published Oct 04, 2005
Tracked Since Feb 18, 2026