VYPR

MailEnable

All CVEs

94 total · sorted by risk
  • CVE-2025-34406 · Dec 9, 2025
    risk 0.00 · cvss · epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response.…

  • CVE-2025-34404 · Dec 9, 2025
    risk 0.00 · cvss · epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a…

  • CVE-2025-34397 · Dec 9, 2025
    risk 0.00 · cvss · epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the…

  • CVE-2025-34407 · Dec 9, 2025
    risk 0.00 · cvss · epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response,…

  • CVE-2021-37274 · Sep 27, 2021
    risk 0.00 · cvss · epss 0.01

    Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.

  • CVE-2019-11899 · Sep 12, 2019
    risk 0.00 · cvss · epss 0.01

    An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.

  • CVE-2019-11898 · Sep 12, 2019
    risk 0.00 · cvss · epss 0.01

    Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.

  • CVE-2019-12927 · Jul 8, 2019
    risk 0.00 · cvss · epss 0.01

    MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.

  • CVE-2019-12926 · Jul 8, 2019
    risk 0.00 · cvss · epss 0.01

    MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain…

  • CVE-2019-12925 · Jul 8, 2019
    risk 0.00 · cvss · epss 0.02

    MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including…

  • CVE-2019-12924 · Jul 8, 2019
    risk 0.00 · cvss · epss 0.01

    MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host…

  • CVE-2019-12923 · Jul 8, 2019
    risk 0.00 · cvss · epss 0.01

    In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a…

  • CVE-2019-5925 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting vulnerability in Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-9277 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.02

    MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

  • CVE-2015-9280 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.02

    MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

  • CVE-2015-9278 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.02

    MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.

  • CVE-2015-9279 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.01

    MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.

  • CVE-2010-2580 · Sep 15, 2010
    risk 0.00 · cvss · epss 0.04

    The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers…

  • CVE-2008-3449 · Aug 4, 2008
    risk 0.00 · cvss · epss 0.02

    MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.

  • CVE-2007-0652 · Feb 15, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

  • CVE-2007-0651 · Feb 15, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in…

  • CVE-2006-6964 · Jan 29, 2007
    risk 0.00 · cvss · epss 0.01

    MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.

  • CVE-2006-6605 · Dec 19, 2006
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.

  • CVE-2006-6484 · Dec 12, 2006
    risk 0.00 · cvss · epss 0.03

    The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer…

  • CVE-2006-6291 · Dec 5, 2006
    risk 0.00 · cvss · epss 0.03

    Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument…

  • CVE-2006-6290 · Dec 5, 2006
    risk 0.00 · cvss · epss 0.03

    Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or…

  • CVE-2006-6239 · Dec 3, 2006
    risk 0.00 · cvss · epss 0.01

    webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.

  • CVE-2006-5176 · Oct 10, 2006
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".

  • CVE-2006-4616 · Sep 7, 2006
    risk 0.00 · cvss · epss 0.03

    SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.

  • CVE-2006-2512 · May 22, 2006
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors.

  • CVE-2006-1792 · Apr 15, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected…

  • CVE-2006-1338 · Mar 21, 2006
    risk 0.00 · cvss · epss 0.02

    Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails".

  • CVE-2006-1337 · Mar 21, 2006
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.

  • CVE-2006-0504 · Feb 1, 2006
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail.

  • CVE-2006-0503 · Feb 1, 2006
    risk 0.00 · cvss · epss 0.02

    IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.

  • CVE-2005-4457 · Dec 21, 2005
    risk 0.00 · cvss · epss 0.03

    MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command.

  • CVE-2005-3993 · Dec 5, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands.

  • CVE-2005-3690 · Nov 19, 2005
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe,…

  • CVE-2005-3691 · Nov 19, 2005
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename…

  • CVE-2005-2222 · Jul 12, 2005
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.

  • CVE-2005-1781 · May 31, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).

  • CVE-2005-1014 · May 2, 2005
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.

  • CVE-2004-2726 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.

  • CVE-2004-2194 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
