CVE-2006-0818
Summary
| CVE | CVE-2006-0818 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-07-21 14:03:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558. |
Risk And Classification
Primary CVSS: v2.0 4 from [email protected]
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS: 0.010030000 probability, percentile 0.770440000 (date 2026-04-20)
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:L/Au:S/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Deerfield | Visnetic Mail Server | 8.3.5 | All | All | All |
| Application | Icewarp | Web Mail | 5.6.0 | All | All | All |
| Application | Merak | Mail Server | 8.3.8r | All | windows | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| VisNetic Mail Server Two File Inclusion Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Exploit, Patch, Vendor Advisory |
| SecurityTracker.com Archives - VisNetic MailServer Include File Bug in 'language' and Other Parameters Lets Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| IceWarp Web Mail Two File Inclusion Vulnerabilities - Secunia Research - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Exploit, Patch, Vendor Advisory |
| IceWarp Web Mail Multiple File Include Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| VisNetic Mail Server Multiple File Include Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Patch |
| IceWarp Web Mail Two File Inclusion Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Exploit, Patch, Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| SecurityTracker.com Archives - IceWarp Web Mail Include File Bug in 'language' and Other Parameters Lets Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| VisNetic Mail Server Two File Inclusion Vulnerabilities - Secunia Research - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Exploit, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.