Hmailserver
by Hmailserver
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5571 | Med | 0.38 | 5.9 | 0.01 | Jan 7, 2020 | HMailServer 5.3.x and prior: Memory Corruption which could cause DOS | ||
| CVE-2008-3676 | 0.03 | — | 0.03 | Aug 14, 2008 | Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands. | |||
| CVE-2025-52374 | 0.00 | — | 0.00 | Jul 21, 2025 | Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections. | |||
| CVE-2025-52372 | 0.00 | — | 0.00 | Jul 21, 2025 | An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components. | |||
| CVE-2025-52373 | 0.00 | — | 0.00 | Jul 21, 2025 | Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file. | |||
| CVE-2007-1991 | 0.00 | — | 0.01 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | |||
| CVE-2004-1129 | 0.00 | — | 0.02 | Jan 10, 2005 | SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | |||
| CVE-2004-1130 | 0.00 | — | 0.01 | Jan 10, 2005 | Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. |
- risk 0.38cvss 5.9epss 0.01
HMailServer 5.3.x and prior: Memory Corruption which could cause DOS
- CVE-2008-3676Aug 14, 2008risk 0.03cvss —epss 0.03
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
- CVE-2025-52374Jul 21, 2025risk 0.00cvss —epss 0.00
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.
- CVE-2025-52372Jul 21, 2025risk 0.00cvss —epss 0.00
An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.
- CVE-2025-52373Jul 21, 2025risk 0.00cvss —epss 0.00
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
- CVE-2007-1991Apr 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
- CVE-2004-1129Jan 10, 2005risk 0.00cvss —epss 0.02
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.
- CVE-2004-1130Jan 10, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.