Shodan
Vulnerabilities
Vulnerable Software
Ipswitch:  >> Imail  Security Vulnerabilities
CVE-2001-1282
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
CVSS Score
5.0
EPSS Score
0.057
Published
2001-10-12
CVE-2001-1283
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
CVSS Score
7.5
EPSS Score
0.019
Published
2001-10-12
CVE-2001-1284
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-10-12
CVE-2001-1285
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-10-12
CVE-2001-1286
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-10-12
CVE-2001-1287
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVSS Score
7.5
EPSS Score
0.063
Published
2001-10-12
CVE-2001-0494
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
CVSS Score
7.5
EPSS Score
0.006
Published
2001-06-27
CVE-2001-0039
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
CVSS Score
5.0
EPSS Score
0.002
Published
2001-02-16
CVE-2000-0825
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
CVSS Score
5.0
EPSS Score
0.101
Published
2000-11-14
CVE-2000-0780
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
CVSS Score
6.4
EPSS Score
0.021
Published
2000-10-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved