Vulnerabilities > Mailenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-19 | CVE-2012-2588 | Cross-Site Scripting vulnerability in Mailenable 6.5 Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message. | 4.3 |
| 2012-01-24 | CVE-2012-0389 | Cross-Site Scripting vulnerability in Mailenable Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. | 4.3 |
| 2010-09-15 | CVE-2010-2580 | Improper Input Validation vulnerability in Mailenable The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | 5.0 |
| 2008-08-04 | CVE-2008-3449 | Resource Management Errors vulnerability in Mailenable 3.52 MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. | 5.0 |
| 2008-03-10 | CVE-2008-1277 | Improper Input Validation vulnerability in Mailenable Enterprise and Mailenable Professional The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | 9.0 |
| 2008-03-10 | CVE-2008-1276 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands. | 9.0 |
| 2008-03-10 | CVE-2008-1275 | Denial of Service vulnerability in Mailenable products Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands. | 7.8 |
| 2007-03-07 | CVE-2007-1301 | Remote Buffer Overflow vulnerability in MailEnable Append Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. | 9.0 |
| 2007-02-15 | CVE-2007-0652 | HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | 5.1 |
| 2007-02-15 | CVE-2007-0651 | HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. network mailenable | 4.3 |