Shineshadow

**Name of the Vulnerable Software and Affected Versions** Kaspersky Anti-Virus versions 5.0 through 9.0.0.463 Kaspersky Antivirus Personal version 5.0.x Kaspersky Internet Security versions 7.0.1.325 through 9.0.0.463 **Description** The issue allows local users to gain SYSTEM privileges by exploiting weak permissions set for the BASES directory. This can be achieved by replacing an executable or DLL with a Trojan horse, potentially leading to elevated access. **Recommendations** For Kaspersky Anti-Virus versions 5.0 through 9.0.0.463, consider restricting access to the BASES directory to prevent local users from replacing executables or DLLs with malicious files. For Kaspersky Antivirus Personal version 5.0.x, restrict access to the BASES directory to minimize the risk of exploitation. For Kaspersky Internet Security versions 7.0.1.325 through 9.0.0.463, limit access to the BASES directory to prevent unauthorized modifications.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server versions 8.2.4r and possibly earlier versions **Description** The issue allows remote attackers to delete arbitrary files or directories via a relative path to the `id` parameter to "logout.html" or include arbitrary PHP files or other files via the `helpid` parameter to "help.html". **Recommendations** For MERAK Mail Server version 8.2.4r, restrict access to the "logout.html" and "help.html" endpoints to minimize the risk of exploitation. As a temporary workaround, consider disabling the `id` and `helpid` parameters in the affected endpoints until a patch is available. Avoid using the `id` parameter in the "logout.html" endpoint and the `helpid` parameter in the "help.html" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server version 8.2.4r Icewarp Web Mail version 5.5.1 possibly earlier versions of MERAK Mail Server and Icewarp Web Mail **Description** The issue allows remote attackers to obtain sensitive information via a direct request to "bwlist inc.html", which reveals the path in an error message. **Recommendations** For MERAK Mail Server version 8.2.4r, consider restricting access to the "bwlist inc.html" page until a fix is available. For Icewarp Web Mail version 5.5.1, avoid using the page that includes "bwlist inc.html" in requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server versions 8.2.4r and possibly earlier versions **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `id` parameter to "blank.html", or the `createdataCX` parameter to "calendar d.html", "calendar m.html", or "calendar w.html". **Recommendations** For MERAK Mail Server version 8.2.4r, consider restricting access to the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in "blank.html" and the `createdataCX` parameter in "calendar d.html", "calendar m.html", or "calendar w.html" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Merak Mail Server version 8.0.3 Description: The issue allows remote authenticated users to obtain the full path of the server via certain requests to API endpoints such as "calendar addevent.html", "calendar event.html", or "calendar task.html". Recommendations: For Merak Mail Server version 8.0.3, consider restricting access to the affected API endpoints "calendar addevent.html", "calendar event.html", and "calendar task.html" until a fix is available.

Name of the Vulnerable Software and Affected Versions: Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2 Description: The issue allows remote authenticated users to perform certain unauthorized actions. This includes moving their home directory via "viewaction.html" or moving arbitrary files via the `importfile` parameter to "importaction.html". Recommendations: For Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2, consider restricting access to "viewaction.html" and "importaction.html" until a fix is available, and limit the use of the `importfile` parameter to prevent arbitrary file movement.

Name of the Vulnerable Software and Affected Versions: Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2 Description: The issue allows remote authenticated users to determine if a file exists by manipulating the `folder` parameter in the "attachment.html" endpoint. This can be exploited when the mailbox.dat file does not exist. Recommendations: For Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2, consider restricting access to the "attachment.html" endpoint until a fix is available, or ensure the mailbox.dat file exists to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via several fields, including the E-mail address, Note, or Public Certificate fields to "address.html", "addressaction.html", the Signature field to "settings.html", or the Shared calendars to "calendarsettings.html". Recommendations: For Merak Mail Server version 8.0.3 with Icewarp Web Mail version 5.4.2, consider restricting access to the `address.html`, `addressaction.html`, `settings.html`, and `calendarsettings.html` endpoints until a patch is available. As a temporary workaround, avoid using the `E-mail address`, `Note`, `Public Certificate`, `Signature`, and `Shared calendars` fields in the affected endpoints. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Argosoft Mail Server Pro version 1.8.7.6 Description: The issue allows remote attackers to create arbitrary accounts in Argosoft Mail Server Pro, even when the "Allow Creation of Accounts From the Web Interface" option is disabled. This can be achieved via a direct HTTP POST request to the addnew script. Recommendations: For Argosoft Mail Server Pro version 1.8.7.6, consider disabling the addnew script until a patch is available to prevent remote attackers from creating arbitrary accounts. Restrict access to the web interface to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Argosoft Mail Server Pro version 1.8.7.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the `src` parameter in an `IMG` tag, User settings, or Address book input boxes in the webmail interface. This can lead to cross-site scripting (XSS) attacks. Recommendations: For Argosoft Mail Server Pro version 1.8.7.6, consider disabling the webmail interface or restricting access to it until a patch is available. As a temporary workaround, avoid using the `src` parameter in `IMG` tags, and restrict user input in Address book input boxes and User settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Argosoft Mail Server Pro version 1.8.7.6 Description: The issue allows remote authenticated users to read arbitrary files or copy/move files to arbitrary locations. This is achieved via the `UIDL` parameter to the "msg script" or through the "delete script". Recommendations: For Argosoft Mail Server Pro version 1.8.7.6, consider restricting access to the `UIDL` parameter in the "msg script" and limiting the functionality of the "delete script" to prevent copying or moving files to arbitrary locations until a fix is available.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server versions 7.6.0 through 7.6.4r **Description** The issue concerns the use of weak encryption in certain configuration files, specifically `users.cfg`, `settings.cfg`, `users.dat`, or `user.dat` files. This weakness allows local users to extract passwords from these files. **Recommendations** For MERAK Mail Server versions 7.6.0 through 7.6.4r, consider restricting access to the `users.cfg`, `settings.cfg`, `users.dat`, and `user.dat` files to minimize the risk of password extraction. Additionally, as a temporary workaround, limit local user privileges to reduce the potential for exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server version 7.6.0 with Icewarp Web Mail version 5.3.0 **Description** The issue allows remote authenticated users to gain sensitive information via an HTTP request to specific endpoints, including "calendar d.html", "calendar m.html", "calendar w.html", or "calendar y.html", which reveal the installation path. **Recommendations** For MERAK Mail Server version 7.6.0 with Icewarp Web Mail version 5.3.0, consider restricting access to the vulnerable endpoints "calendar d.html", "calendar m.html", "calendar w.html", and "calendar y.html" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server version 7.6.0 with Icewarp Web Mail version 5.3.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters and fields, including the `username` parameter to "login.html", the `accountid` parameter to "accountsettings add.html", and the `note`, `title`, and `location` fields to "calendar.html". **Recommendations** For MERAK Mail Server version 7.6.0 with Icewarp Web Mail version 5.3.0, consider disabling access to the "login.html", "accountsettings add.html", and "calendar.html" pages until a fix is available. Restrict the use of the `username` and `accountid` parameters, as well as the `note`, `title`, and `location` fields, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Merak Mail Server version 7.4.5 **Description** The issue allows remote attackers to view other users' attachments by specifying the `username` and `message ID` in an HTTP request. This affects the attachment.html component in Merak Mail Server with Icewarp Web Mail. **Recommendations** For Merak Mail Server version 7.4.5, consider restricting access to the attachment.html component until a patch is available. As a temporary workaround, avoid using the `username` and `message ID` parameters in HTTP requests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Merak Mail Server version 7.4.5 **Description** The issue allows remote attackers to create text files with arbitrary content. This is achieved via the `accountid` parameter in the "accountsettings add.html" page, potentially affecting Icewarp Web Mail version 5.2.7 and possibly other versions. **Recommendations** For Merak Mail Server version 7.4.5, consider restricting access to the "accountsettings add.html" page to minimize the risk of exploitation. Avoid using the `accountid` parameter in this page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Merak Mail Server version 7.4.5 **Description** The issue allows remote attackers to create arbitrary directories or rename arbitrary files. This can be achieved by exploiting directory traversal vulnerabilities, specifically by using a .. (dot dot) in the `user` parameter to viewaction.html or a ....// (doubled dot dot) in the `folderold` or `folder` parameters to folders.html. **Recommendations** For Merak Mail Server version 7.4.5, consider restricting access to the viewaction.html and folders.html endpoints until a patch is available. As a temporary workaround, avoid using the `user`, `folderold`, and `folder` parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** MERAK Mail Server version 7.4.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web script or HTML. This can be achieved via the `User name` parameter to "accountsettings.html" or the `Search string` parameter to "search.html". **Recommendations** For MERAK Mail Server version 7.4.5, consider restricting access to the "accountsettings.html" and "search.html" endpoints until a patch is available. As a temporary workaround, avoid using the `User name` and `Search string` parameters in the affected endpoints.