Mailenable
by MailEnable
CVEs (75)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2005-1013 | 0.03 | — | 0.06 | May 2, 2005 | The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string. |
| CVE-2004-2727 | 0.03 | — | 0.04 | Dec 31, 2004 | Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request. |
| CVE-2002-2357 | 0.03 | — | 0.03 | Dec 31, 2002 | MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow. |
| CVE-2025-44148 | 0.01 | — | 0.54 | Jun 3, 2025 | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component |
| CVE-2006-6997 | 0.01 | — | 0.06 | Feb 12, 2007 | Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of… |
| CVE-2026-32852 | 0.00 | — | 0.00 | Mar 23, 2026 | MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the… |
| CVE-2026-32850 | 0.00 | — | 0.00 | Mar 23, 2026 | MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the… |
| CVE-2025-34427 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem… |
| CVE-2025-34428 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem… |
| CVE-2025-34421 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34417 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34419 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34416 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34422 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34418 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34424 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34423 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34420 | 0.00 | — | 0.00 | Dec 10, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a… |
| CVE-2025-34425 | 0.00 | — | 0.00 | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a… |
| CVE-2025-34396 | 0.00 | — | 0.00 | Dec 9, 2025 | MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directory without sufficient integrity validation or secure… |