Gecad Technologies
Products (6)
- 14 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28589 | | Med | 0.44 | 6.7 | 0.00 | | Apr 3, 2024 | An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization. |
| CVE-2015-5379 | | Med | 0.35 | 5.4 | 0.02 | | Oct 23, 2017 | Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. |
| CVE-2024-25080 | | Med | 0.31 | 4.7 | 0.00 | | Apr 1, 2024 | WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. |
| CVE-2012-4940 | | | 0.10 | — | 0.84 | | Oct 31, 2012 | Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the… |
| CVE-2022-31470 | | | 0.05 | — | 0.52 | | Jun 7, 2022 | An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and… |
| CVE-2010-3460 | | | 0.04 | — | 0.08 | | Sep 17, 2010 | Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. |
| CVE-2008-0434 | | | 0.04 | — | 0.10 | | Jan 23, 2008 | Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. |
| CVE-2007-0887 | | | 0.04 | — | 0.10 | | Feb 12, 2007 | axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). |
| CVE-2007-0886 | | | 0.04 | — | 0.09 | | Feb 12, 2007 | Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow. |
| CVE-2012-2592 | | | 0.03 | — | 0.02 | | Jun 18, 2014 | Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. |
| CVE-2023-40355 | | | 0.01 | — | 0.01 | | Feb 7, 2024 | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and… |
| CVE-2025-68643 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the… |
| CVE-2025-68721 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint… |
| CVE-2025-68722 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and… |
| CVE-2025-68723 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage… |
| CVE-2020-26942 | | | 0.00 | — | 0.00 | | Mar 6, 2024 | An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account. |
| CVE-2023-23566 | | | 0.00 | — | 0.01 | | Jan 13, 2023 | A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification… |
| CVE-2010-3459 | | | 0.00 | — | 0.01 | | Sep 17, 2010 | Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-1484 | | | 0.00 | — | 0.01 | | Apr 29, 2009 | Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the… |