Vulnerabilities > Mailenable > Mailenable > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2022-42136 | Path Traversal vulnerability in Mailenable Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. | 8.8 |
| 2019-01-16 | CVE-2015-9279 | Cross-site Scripting vulnerability in Mailenable MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | 4.3 |
| 2019-01-16 | CVE-2015-9278 | Credentials Management vulnerability in Mailenable MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | 5.0 |
| 2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in Mailenable MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | 7.5 |
| 2007-02-15 | CVE-2007-0955 | Denial-Of-Service vulnerability in MailEnable Professional The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | 7.8 |
| 2006-12-05 | CVE-2006-6291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | 6.8 |