cbcvebase.

Mailenable Professional vulnerabilities

32 known vulnerabilities affecting mailenable/mailenable_professional.

Total CVEs
32
CISA KEV
0
Public exploits
15
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH9MEDIUM14

Vulnerabilities

Page 2 of 2
CVE-2006-1792P4CRITICALCVSS 10.0v1.2v1.2a+13 more2006-04-15
CVE-2006-1792 [CRITICAL] CWE-119 CVE-2006-1792: Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professiona Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.
nvd
CVE-2006-6290P4MEDIUMCVSS 6.5v1.6v1.82+2 more2006-12-05
CVE-2006-6290 [MEDIUM] CVE-2006-6290: Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1. Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT co
nvd
CVE-2005-3993P4HIGHCVSS 7.8≤ 1.62005-12-05
CVE-2005-3993 [HIGH] CVE-2005-3993: Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 a Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands.
nvd
CVE-2005-2222P4CRITICALCVSS 10.0v1.2v1.2a+8 more2005-07-12
CVE-2005-2222 [CRITICAL] CVE-2005-2222: Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impa Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
nvd
CVE-2007-0652P4MEDIUMCVSS 5.1v1.0.004v1.0.005+59 more2007-02-15
CVE-2007-0652 [MEDIUM] CVE-2007-0652: Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
nvd
CVE-2006-1338P4MEDIUMCVSS 5.0v1.2v1.2a+12 more2006-03-21
CVE-2006-1338 [MEDIUM] CWE-399 CVE-2006-1338: Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows rem Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails".
nvd
CVE-2005-1781P4MEDIUMCVSS 5.0v1.5v1.51+3 more2005-05-31
CVE-2005-1781 [MEDIUM] CVE-2005-1781: Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denia Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
nvd
CVE-2006-6484P4MEDIUMCVSS 5.0v1.6v1.7+10 more2006-12-12
CVE-2006-6484 [MEDIUM] CVE-2006-6484: The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional E The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-20
nvd
CVE-2006-0503P4MEDIUMCVSS 5.0v1.2v1.2a+11 more2006-02-01
CVE-2006-0503 [MEDIUM] CVE-2006-0503: IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denia IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.
nvd
CVE-2004-2194P4MEDIUMCVSS 5.0v1.2v1.2a+6 more2004-12-31
CVE-2004-2194 [MEDIUM] CVE-2004-2194: MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attacke MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
nvd
CVE-2007-0651P4MEDIUMCVSS 4.3v1.0.004v1.0.005+59 more2007-02-15
CVE-2007-0651 [MEDIUM] CVE-2007-0651: Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow rem Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
nvd
CVE-2006-6964P4MEDIUMCVSS 4.0v1.7v1.71+6 more2007-01-29
CVE-2006-6964 [MEDIUM] CVE-2006-6964: MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits t MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
nvd
Mailenable Professional vulnerabilities | cvebase