Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IceWarp Web Mail多个文件包含漏洞
Vulnerability Description
IceWarp Web Mail(冰星网上邮件系统)是支持中日文邮件的Web Mail服务器引擎。 IceWarp Web Mail中存在多个输入验证漏洞,具体如下: 1) webmail和webadmin服务运行启用了register_global的PHP。在直接访问脚本时没有正确的初始化/accounts/inc/include.php和/admin/inc/include.php中的language和lang_settings变量,这可能允许覆盖变量,导致脚本包含本地或远程来源的任意PHP脚本。 2
CVSS Information
N/A
Vulnerability Type
N/A