VYPR
Vendor

Hmailserver

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2013-5571MedJan 7, 2020
    risk 0.38cvss 5.9epss 0.01

    HMailServer 5.3.x and prior: Memory Corruption which could cause DOS

  • CVE-2008-3676Aug 14, 2008
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.

  • CVE-2025-52374Jul 21, 2025
    risk 0.00cvss epss 0.00

    Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.

  • CVE-2025-52372Jul 21, 2025
    risk 0.00cvss epss 0.00

    An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.

  • CVE-2025-52373Jul 21, 2025
    risk 0.00cvss epss 0.00

    Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.

  • CVE-2007-1991Apr 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.

  • CVE-2004-1129Jan 10, 2005
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

  • CVE-2004-1130Jan 10, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.