Vulnerabilities > Mailenable > Mailenable Enterprise
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-10 | CVE-2008-1277 | Improper Input Validation vulnerability in Mailenable Enterprise and Mailenable Professional The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | 9.0 |
| 2008-03-10 | CVE-2008-1276 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands. | 9.0 |
| 2008-03-10 | CVE-2008-1275 | Denial of Service vulnerability in Mailenable products Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands. | 7.8 |
| 2007-03-07 | CVE-2007-1301 | Remote Buffer Overflow vulnerability in MailEnable Append Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. | 9.0 |
| 2007-02-12 | CVE-2006-6997 | Improper Authentication vulnerability in Mailenable Enterprise and Mailenable Standard Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. | 10.0 |
| 2006-12-19 | CVE-2006-6605 | Remote Buffer Overflow vulnerability in Mailenable products Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | 10.0 |
| 2006-12-12 | CVE-2006-6484 | Remote Denial of Service vulnerability in MailEnable IMAP Service The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. | 5.0 |
| 2006-12-12 | CVE-2006-6423 | Remote Buffer Overflow vulnerability in MailEnable IMAP Service Login Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix. | 10.0 |
| 2006-12-05 | CVE-2006-6290 | Buffer Overflow vulnerability in MailEnable IMAP Service Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command. | 6.5 |
| 2006-10-10 | CVE-2006-5177 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read. | 9.3 |