Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-10-12
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-10-12
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-10-12
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVSS Score
7.5
EPSS Score
0.063
Published
2001-10-12
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
CVSS Score
7.5
EPSS Score
0.006
Published
2001-06-27
Page 2