Vulnerability Details CVE-2004-1674
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789
- http://www.securityfocus.com/bid/11371
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17976
- http://marc.info/?l=bugtraq&m=109483971420067&w=2
- http://secunia.com/advisories/12789
- http://www.securityfocus.com/bid/11371
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17976
Products affected by CVE-2004-1674
-
cpe:2.3:a:icewarp:web_mail:3.3.2
-
cpe:2.3:a:icewarp:web_mail:5.2.7
-
cpe:2.3:a:icewarp:web_mail:5.2.8
-
cpe:2.3:a:merak:mail_server:7.4.5