cvebase

Ipswitch Imail vulnerabilities

38 known vulnerabilities affecting ipswitch/imail.

Total CVEs: 38
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 10, MEDIUM 20, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2004-0297 | P3 | CRITICAL | CVSS 10.0 | PoC | v8.0.3, v8.0.5 | 2004-11-23
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
nvd
CVE-2005-1255 | P3 | CRITICAL | CVSS 10.0 | PoC | v8.12, v8.13 | 2005-05-25
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
nvd
CVE-2007-2795 | P2 | CRITICAL | CVSS 9.0 | CWE-119 | PoC | ≤ 2006.2, v2006.1 | 2009-01-27
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
nvd
CVE-2004-1520 | P3 | MEDIUM | CVSS 4.6 | PoC | v8.13 | 2004-12-31
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
nvd
CVE-2002-1076 | P3 | HIGH | CVSS 7.5 | PoC | v6.1, v6.2 +10 more | 2002-10-04
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
nvd
CVE-2007-5094 | P3 | HIGH | CVSS 7.5 | CWE-119 | PoC | v8.0.3, v8.0.5 +3 more | 2007-09-26
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transf
nvd
CVE-2005-1256 | P3 | CRITICAL | CVSS 10.0 | v8.13 | 2005-05-25
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
nvd
CVE-2001-1287 | P3 | HIGH | CVSS 7.5 | PoC | v6.0.2, v6.0.6 +1 more | 2001-10-12
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
nvd
CVE-1999-1551 | P4 | MEDIUM | CVSS 5.0 | PoC | v5.0, v6.0 | 1999-03-02
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
nvd
CVE-1999-1046 | P3 | CRITICAL | CVSS 10.0 | PoC | v5.0 | 1999-03-01
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
nvd
CVE-2000-0780 | P4 | MEDIUM | CVSS 6.4 | PoC | v5.0, v6.0 +4 more | 2000-10-20
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
nvd
CVE-1999-1557 | P4 | MEDIUM | CVSS 5.0 | PoC | ≤ 5.0 | 2005-05-02
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
nvd
CVE-1999-1171 | P4 | MEDIUM | CVSS 4.6 | PoC | v5.0 | 1999-02-02
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
nvd
CVE-2007-1637 | P3 | CRITICAL | CVSS 9.3 | v2006 | 2007-03-23
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailU
nvd
CVE-2002-1077 | P4 | MEDIUM | CVSS 5.0 | PoC | v6.1, v6.2 +10 more | 2002-10-04
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
nvd
CVE-2002-0777 | P3 | CRITICAL | CVSS 10.0 | v5.0, v5.0.5 +22 more | 2002-08-12
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
nvd
CVE-1999-1170 | P4 | MEDIUM | CVSS 4.6 | PoC | v5.0 | 1999-01-02
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
nvd
CVE-1999-1497 | P4 | HIGH | CVSS 7.2 | PoC | v5.0, v5.0.5 +4 more | 1999-12-21
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
nvd
CVE-2000-0056 | P4 | MEDIUM | CVSS 5.0 | PoC | v5.0.8, v6.0 +1 more | 2000-01-05
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
nvd
CVE-2011-1430 | P4 | MEDIUM | CVSS 6.8 | ≤ 11.03, v5.0 +44 more | 2011-03-16
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0
nvd