Description
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ShineShadow · textwebappsphp
https://www.exploit-db.com/exploits/26313
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14988
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17046/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14986
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112810385104168&w=2
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1933
Scores
EPSS
0.0473
EPSS Percentile
89.4%
Details
Status
published
Products (2)
icewarp/web_mail
5.5.1
merak/mail_server
8.2.4r
Published
Oct 04, 2005
Tracked Since
Feb 18, 2026