Vendor CVEs
MailEnable
All CVEs
94 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34406 | 0.00 | — | 0.00 | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response.… | |||
| CVE-2025-34404 | 0.00 | — | 0.00 | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a… | |||
| CVE-2025-34397 | 0.00 | — | 0.00 | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the… | |||
| CVE-2025-34407 | 0.00 | — | 0.00 | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response,… | |||
| CVE-2021-37274 | 0.00 | — | 0.01 | Sep 27, 2021 | Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | |||
| CVE-2019-11899 | 0.00 | — | 0.01 | Sep 12, 2019 | An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. | |||
| CVE-2019-11898 | 0.00 | — | 0.01 | Sep 12, 2019 | Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | |||
| CVE-2019-12927 | 0.00 | — | 0.01 | Jul 8, 2019 | MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | |||
| CVE-2019-12926 | 0.00 | — | 0.01 | Jul 8, 2019 | MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain… | |||
| CVE-2019-12925 | 0.00 | — | 0.02 | Jul 8, 2019 | MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including… | |||
| CVE-2019-12924 | 0.00 | — | 0.01 | Jul 8, 2019 | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host… | |||
| CVE-2019-12923 | 0.00 | — | 0.01 | Jul 8, 2019 | In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a… | |||
| CVE-2019-5925 | 0.00 | — | 0.01 | Mar 12, 2019 | Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-9277 | 0.00 | — | 0.02 | Jan 16, 2019 | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | |||
| CVE-2015-9280 | 0.00 | — | 0.02 | Jan 16, 2019 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | |||
| CVE-2015-9278 | 0.00 | — | 0.02 | Jan 16, 2019 | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | |||
| CVE-2015-9279 | 0.00 | — | 0.01 | Jan 16, 2019 | MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | |||
| CVE-2010-2580 | 0.00 | — | 0.04 | Sep 15, 2010 | The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers… | |||
| CVE-2008-3449 | 0.00 | — | 0.02 | Aug 4, 2008 | MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. | |||
| CVE-2007-0652 | 0.00 | — | 0.02 | Feb 15, 2007 | Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | |||
| CVE-2007-0651 | 0.00 | — | 0.03 | Feb 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in… | |||
| CVE-2006-6964 | 0.00 | — | 0.01 | Jan 29, 2007 | MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | |||
| CVE-2006-6605 | 0.00 | — | 0.06 | Dec 19, 2006 | Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | |||
| CVE-2006-6484 | 0.00 | — | 0.03 | Dec 12, 2006 | The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer… | |||
| CVE-2006-6291 | 0.00 | — | 0.03 | Dec 5, 2006 | Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument… | |||
| CVE-2006-6290 | 0.00 | — | 0.03 | Dec 5, 2006 | Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or… | |||
| CVE-2006-6239 | 0.00 | — | 0.01 | Dec 3, 2006 | webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | |||
| CVE-2006-5176 | 0.00 | — | 0.05 | Oct 10, 2006 | Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages". | |||
| CVE-2006-4616 | 0.00 | — | 0.03 | Sep 7, 2006 | SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception. | |||
| CVE-2006-2512 | 0.00 | — | 0.01 | May 22, 2006 | SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | |||
| CVE-2006-1792 | 0.00 | — | 0.02 | Apr 15, 2006 | Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected… | |||
| CVE-2006-1338 | 0.00 | — | 0.02 | Mar 21, 2006 | Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails". | |||
| CVE-2006-1337 | 0.00 | — | 0.05 | Mar 21, 2006 | Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication. | |||
| CVE-2006-0504 | 0.00 | — | 0.03 | Feb 1, 2006 | Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail. | |||
| CVE-2006-0503 | 0.00 | — | 0.02 | Feb 1, 2006 | IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command. | |||
| CVE-2005-4457 | 0.00 | — | 0.03 | Dec 21, 2005 | MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | |||
| CVE-2005-3993 | 0.00 | — | 0.01 | Dec 5, 2005 | Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | |||
| CVE-2005-3690 | 0.00 | — | 0.05 | Nov 19, 2005 | Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe,… | |||
| CVE-2005-3691 | 0.00 | — | 0.02 | Nov 19, 2005 | Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename… | |||
| CVE-2005-2222 | 0.00 | — | 0.01 | Jul 12, 2005 | Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. | |||
| CVE-2005-1781 | 0.00 | — | 0.02 | May 31, 2005 | Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). | |||
| CVE-2005-1014 | 0.00 | — | 0.05 | May 2, 2005 | Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command. | |||
| CVE-2004-2726 | 0.00 | — | 0.03 | Dec 31, 2004 | HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348. | |||
| CVE-2004-2194 | 0.00 | — | 0.02 | Dec 31, 2004 | MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. |
Page 2 of 2