CVE-2005-4558
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2005-4558
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
IceWarp Web Mail多个文件包含漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IceWarp Web Mail(冰星网上邮件系统)是支持中日文邮件的Web Mail服务器引擎。 IceWarp Web Mail中存在多个输入验证漏洞,具体如下: 1) webmail和webadmin服务运行启用了register_global的PHP。在直接访问脚本时没有正确的初始化/accounts/inc/include.php和/admin/inc/include.php中的language和lang_settings变量,这可能允许覆盖变量,导致脚本包含本地或远程来源的任意PHP脚本。 2
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2005-4558
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2005-4558
Please Login to view more intelligence information
- http://secunia.com/secunia_research/2005-62/advisory/x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2005-4558
Same Patch Batch · n/a · 2005-12-28 · 35 CVEs total
| CVE-2005-4553 | Golden FTP Server APPE命令缓冲区溢出漏洞 | |
| CVE-2005-4545 | NetDirect ShopEngine EXPS参数跨站脚本攻击漏洞 | |
| CVE-2005-4546 | Epic Designs Eggblog Search.PHP SQL注入漏洞 | |
| CVE-2005-4547 | eggblog home/search.php 跨站脚本攻击漏洞 | |
| CVE-2005-4548 | Real Web Solution Statistics Counter Service SQL注入漏洞 | |
| CVE-2005-4549 | OracleAS Discussion Forum Portlet多个远程输入验证漏洞 | |
| CVE-2005-4550 | OracleAS Discussion Forum Portlet多个远程输入验证漏洞 | |
| CVE-2005-4551 | SimpBook Guestbook HTML注入漏洞 | |
| CVE-2005-4552 | Sun Solaris PC NetLink不安全权限漏洞 | |
| CVE-2005-4534 | Bugzilla Syncshadowdb不安全临时文件创建漏洞 | |
| CVE-2005-4554 | Dev Web Management System多个SQL注入漏洞 | |
| CVE-2005-4555 | Dev Web Management System跨站脚本攻击漏洞 | |
| CVE-2005-4556 | IceWarp Web Mail多个文件包含漏洞 | |
| CVE-2005-4557 | IceWarp Web Mail多个文件包含漏洞 | |
| CVE-2005-4559 | IceWarp Web Mail多个文件包含漏洞 | |
| CVE-2005-4560 | Microsoft Windows图形渲染引擎WMF格式代码执行漏洞 | |
| CVE-2005-3345 | RSSH RSSH_CHROOT_HELPER本地提权漏洞 | |
| CVE-2005-4525 | Sygate Protection Agent本地未授权访问漏洞 | |
| CVE-2005-4517 | PHP-Fusion SQL注入漏洞 | |
| CVE-2005-4518 | Mantis多个未明远程漏洞 |
Showing top 20 of 35 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2005-4558
No comments yet