Vulnerabilities > Mailenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-15 | CVE-2007-0955 | Denial-Of-Service vulnerability in MailEnable Professional The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | 7.8 |
| 2007-02-12 | CVE-2006-6997 | Improper Authentication vulnerability in Mailenable Enterprise and Mailenable Standard Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. | 10.0 |
| 2007-01-29 | CVE-2006-6964 | Information Disclosure vulnerability in MailEnable Professional MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | 4.0 |
| 2006-12-19 | CVE-2006-6605 | Remote Buffer Overflow vulnerability in Mailenable products Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | 10.0 |
| 2006-12-12 | CVE-2006-6484 | Remote Denial of Service vulnerability in MailEnable IMAP Service The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. | 5.0 |
| 2006-12-12 | CVE-2006-6423 | Remote Buffer Overflow vulnerability in MailEnable IMAP Service Login Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix. | 10.0 |
| 2006-12-05 | CVE-2006-6291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | 6.8 |
| 2006-12-05 | CVE-2006-6290 | Buffer Overflow vulnerability in MailEnable IMAP Service Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command. | 6.5 |
| 2006-12-03 | CVE-2006-6239 | Credentials Management vulnerability in Mailenable Netwebadmin Enterprise and Netwebadmin Professional webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | 7.5 |
| 2006-10-10 | CVE-2006-5177 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read. | 9.3 |