MailEnable Professional
by MailEnable
CVEs (38)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2007-0652 | 0.00 | — | 0.02 | Feb 15, 2007 | Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. |
| CVE-2007-0651 | 0.00 | — | 0.03 | Feb 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in… |
| CVE-2006-6964 | 0.00 | — | 0.01 | Jan 29, 2007 | MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. |
| CVE-2006-6605 | 0.00 | — | 0.06 | Dec 19, 2006 | Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. |
| CVE-2006-6484 | 0.00 | — | 0.03 | Dec 12, 2006 | The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer… |
| CVE-2006-6290 | 0.00 | — | 0.03 | Dec 5, 2006 | Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or… |
| CVE-2006-5176 | 0.00 | — | 0.05 | Oct 10, 2006 | Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages". |
| CVE-2006-4616 | 0.00 | — | 0.03 | Sep 7, 2006 | SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception. |
| CVE-2006-1792 | 0.00 | — | 0.02 | Apr 15, 2006 | Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected… |
| CVE-2006-1338 | 0.00 | — | 0.02 | Mar 21, 2006 | Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails". |
| CVE-2006-0503 | 0.00 | — | 0.02 | Feb 1, 2006 | IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command. |
| CVE-2005-3993 | 0.00 | — | 0.01 | Dec 5, 2005 | Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. |
| CVE-2005-3690 | 0.00 | — | 0.05 | Nov 19, 2005 | Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe,… |
| CVE-2005-2222 | 0.00 | — | 0.01 | Jul 12, 2005 | Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. |
| CVE-2005-1781 | 0.00 | — | 0.02 | May 31, 2005 | Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). |
| CVE-2005-1014 | 0.00 | — | 0.05 | May 2, 2005 | Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command. |
| CVE-2004-2726 | 0.00 | — | 0.03 | Dec 31, 2004 | HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348. |
| CVE-2004-2194 | 0.00 | — | 0.02 | Dec 31, 2004 | MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. |