VYPR

Mailenable Professional

by MailEnable

CVEs (38)

  • CVE-2007-0652Feb 15, 2007
    risk 0.00cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

  • CVE-2007-0651Feb 15, 2007
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in…

  • CVE-2006-6964Jan 29, 2007
    risk 0.00cvss epss 0.01

    MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.

  • CVE-2006-6605Dec 19, 2006
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.

  • CVE-2006-6484Dec 12, 2006
    risk 0.00cvss epss 0.03

    The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer…

  • CVE-2006-6290Dec 5, 2006
    risk 0.00cvss epss 0.03

    Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or…

  • CVE-2006-5176Oct 10, 2006
    risk 0.00cvss epss 0.05

    Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".

  • CVE-2006-4616Sep 7, 2006
    risk 0.00cvss epss 0.03

    SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.

  • CVE-2006-1792Apr 15, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected…

  • CVE-2006-1338Mar 21, 2006
    risk 0.00cvss epss 0.02

    Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails".

  • CVE-2006-0503Feb 1, 2006
    risk 0.00cvss epss 0.02

    IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.

  • CVE-2005-3993Dec 5, 2005
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands.

  • CVE-2005-3690Nov 19, 2005
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe,…

  • CVE-2005-2222Jul 12, 2005
    risk 0.00cvss epss 0.01

    Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.

  • CVE-2005-1781May 31, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).

  • CVE-2005-1014May 2, 2005
    risk 0.00cvss epss 0.05

    Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.

  • CVE-2004-2726Dec 31, 2004
    risk 0.00cvss epss 0.03

    HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.

  • CVE-2004-2194Dec 31, 2004
    risk 0.00cvss epss 0.02

    MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.

Page 2 of 2