Vulnerabilities > Mailenable > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-01-13 | CVE-2022-42136 | Path Traversal vulnerability in MailEnable | Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. | network, low complexity, mailenable CWE-22, 8.8 |
| 2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in MailEnable | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | network, low complexity, mailenable CWE-22, 7.5 |
| 2008-03-10 | CVE-2008-1275 | Denial of Service vulnerability in MailEnable products | Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands. | network, low complexity, mailenable, 7.8 |
| 2007-02-15 | CVE-2007-0955 | Denial-Of-Service vulnerability in MailEnable Professional | The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | network, low complexity, mailenable, 7.8 |
| 2006-12-03 | CVE-2006-6239 | Credentials Management vulnerability in MailEnable NetWebAdmin Enterprise and NetWebAdmin Professional | webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | network, low complexity, mailenable CWE-255, 7.5 |
| 2006-03-21 | CVE-2006-1337 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in MailEnable | Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication. | network, low complexity, mailenable CWE-119, 7.5 |
| 2005-12-21 | CVE-2005-4457 | Denial-Of-Service vulnerability in MailEnable Enterprise 1.1 | MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | network, low complexity, mailenable, 7.5 |
| 2005-12-21 | CVE-2005-4456 | IMAP Remote Buffer Overflow vulnerability in MailEnable | Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. | network, low complexity, mailenable, 7.8 |
| 2005-12-05 | CVE-2005-3993 | Denial-Of-Service vulnerability in MailEnable Enterprise | Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | network, low complexity, mailenable, 7.8 |
| 2005-11-19 | CVE-2005-3690 | Buffer Overflow vulnerability in MailEnable IMAP Mailbox Name | Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands. | network, low complexity, mailenable, 7.5 |