Vulnerabilities > Ipswitch > Imail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-16 | CVE-2011-1430 | Improper Input Validation vulnerability in Ipswitch Imail The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
| 2005-05-25 | CVE-2005-1254 | Multiple vulnerability in Ipswitch IMail Server Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | 5.0 |
| 2005-05-25 | CVE-2005-1252 | Multiple vulnerability in Ipswitch IMail Server Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. | 5.0 |
| 2005-05-02 | CVE-1999-1557 | Denial-Of-Service vulnerability in Ipswitch Imail 5.0 Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. | 5.0 |
| 2004-12-31 | CVE-2004-2423 | Buffer Overflow Denial Of Service vulnerability in Ipswitch IMail Server Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content." | 5.0 |
| 2004-12-31 | CVE-2004-2422 | Buffer Overflow Denial Of Service vulnerability in Ipswitch IMail Server Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. | 5.0 |
| 2004-12-31 | CVE-2004-1520 | Remote Buffer Overflow vulnerability in Ipswitch Imail 8.13 Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. | 4.6 |
| 2002-10-04 | CVE-2002-1077 | Denial Of Service vulnerability in IPSwitch IMail Web Calendaring Incomplete Post IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. | 5.0 |
| 2001-10-12 | CVE-2001-1285 | Unspecified vulnerability in Ipswitch Imail 6.0.2/6.0.6/7.0.4 Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. | 5.0 |
| 2001-10-12 | CVE-2001-1282 | Path Disclosure vulnerability in Ipswitch Imail 6.0.2/6.0.6/7.0.4 Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. | 5.0 |