| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2019-07-08 | CVE-2019-12924 | Missing Encryption of Sensitive Data vulnerability in Mailenable | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. | network | low complexity | mailenable | CWE-311 | critical | 9.8 |
| 2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in Mailenable | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | network | low complexity | mailenable | CWE-22 | critical | 9.1 |
| 2019-01-16 | CVE-2015-9278 | Credentials Management vulnerability in Mailenable | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | network | low complexity | mailenable | CWE-255 | critical | 9.8 |
| 2019-01-16 | CVE-2015-9280 | XXE vulnerability in Mailenable | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | network | low complexity | mailenable | CWE-611 | critical | 10.0 |