CVE-2004-1674

Name of the Vulnerable Software and Affected Versions Merak Mail Server version 7.4.5

Description The issue allows remote attackers to delete or move arbitrary files. This can be achieved through the viewaction.html page in Merak Mail Server with Icewarp Web Mail. Specifically, attackers can delete files via the originalfolder parameter or move files via the messageid parameter.

Recommendations For Merak Mail Server version 7.4.5, consider restricting access to the viewaction.html page until a fix is available. As a temporary workaround, limit the use of the originalfolder and messageid parameters to prevent file deletion and movement.