Vulnerabilities > Mailenable > Mailenable > 1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2022-42136 | Path Traversal vulnerability in Mailenable Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. | 8.8 |
| 2019-01-16 | CVE-2015-9279 | Cross-site Scripting vulnerability in Mailenable MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | 4.3 |
| 2019-01-16 | CVE-2015-9278 | Credentials Management vulnerability in Mailenable MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | 5.0 |
| 2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in Mailenable MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | 7.5 |
| 2012-01-24 | CVE-2012-0389 | Cross-Site Scripting vulnerability in Mailenable Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. | 4.3 |
| 2010-09-15 | CVE-2010-2580 | Improper Input Validation vulnerability in Mailenable The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | 5.0 |
| 2006-12-05 | CVE-2006-6291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | 6.8 |
| 2006-03-21 | CVE-2006-1337 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication. | 7.5 |