Vulnerabilities > Mailenable > Mailenable > 2.17
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-13 | CVE-2022-42136 | Path Traversal vulnerability in Mailenable Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. | 8.8 |
2019-01-16 | CVE-2015-9279 | Cross-site Scripting vulnerability in Mailenable MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | 4.3 |
2019-01-16 | CVE-2015-9278 | Credentials Management vulnerability in Mailenable MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | 5.0 |
2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in Mailenable MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | 7.5 |
2006-12-05 | CVE-2006-6291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | 6.8 |