Ipswitch Imail Server vulnerabilities
12 known vulnerabilities affecting ipswitch/imail_server.
Total CVEs
12
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH3MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2007-3925P3MEDIUMCVSS 6.5PoC≤ 2006.22007-07-21
CVE-2007-3925 [MEDIUM] CWE-119 CVE-2007-3925: Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 200
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
nvd
CVE-2005-1255P3CRITICALCVSS 10.0PoC≤ 8.2_hotfix_22005-05-25
CVE-2005-1255 [CRITICAL] CVE-2005-1255: Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collabor
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
nvd
CVE-2007-3927P2CRITICALCVSS 10.0PoC≤ 2006.22007-07-21
CVE-2007-3927 [CRITICAL] CVE-2007-3927: Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."
nvd
CVE-2005-1256P3CRITICALCVSS 10.0≤ 8.2_hotfix_22005-05-25
CVE-2005-1256 [CRITICAL] CVE-2005-1256: Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
nvd
CVE-2017-12639P3CRITICALCVSS 9.8≤ 12.5.52017-10-03
CVE-2017-12639 [CRITICAL] CWE-119 CVE-2017-12639: Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attack
Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.
nvd
CVE-2017-12638P3CRITICALCVSS 9.8≤ 12.5.52017-10-03
CVE-2017-12638 [CRITICAL] CWE-119 CVE-2017-12638: Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attack
Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.
nvd
CVE-2014-3878P4MEDIUMCVSS 4.3PoCv12.3v12.42014-06-05
CVE-2014-3878 [MEDIUM] CWE-79 CVE-2014-3878: Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Se
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts secti
nvd
CVE-2005-2931P3HIGHCVSS 7.5v8.202005-12-07
CVE-2005-2931 [HIGH] CVE-2005-2931: Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.
nvd
CVE-2007-4345P3HIGHCVSS 7.5v2006.222007-10-31
CVE-2007-4345 [HIGH] CWE-119 CVE-2007-4345: Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote a
Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.
nvd
CVE-2005-1252P4MEDIUMCVSS 5.0≤ 8.2_hotfix_22005-05-25
CVE-2005-1252 [MEDIUM] CVE-2005-1252: Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other ve
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
nvd
CVE-2007-3926P4HIGHCVSS 7.8v2006.22007-07-21
CVE-2007-3926 [HIGH] CVE-2007-3926: Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daem
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
nvd
CVE-2005-2923P4MEDIUMCVSS 4.0v8.202005-12-07
CVE-2005-2923 [MEDIUM] CWE-20 CVE-2005-2923: The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
nvd