Mailenable: >> Mailenable Security Vulnerabilities
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
CVSS Score
10.0
EPSS Score
0.003
Published
2019-01-16
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.
CVSS Score
4.3
EPSS Score
0.016
Published
2014-09-19
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
CVSS Score
4.3
EPSS Score
0.464
Published
2012-01-24
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
CVSS Score
5.0
EPSS Score
0.022
Published
2010-09-15
MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.
CVSS Score
5.0
EPSS Score
0.034
Published
2008-08-04
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
CVSS Score
7.8
EPSS Score
0.126
Published
2007-02-15
Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix.
CVSS Score
6.8
EPSS Score
0.013
Published
2006-12-05
Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.
CVSS Score
7.5
EPSS Score
0.029
Published
2006-03-21
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.
CVSS Score
5.0
EPSS Score
0.024
Published
2004-12-31
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.
CVSS Score
4.3
EPSS Score
0.03
Published
2004-12-31