cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
Max CVSS
5.0
EPSS Score
4.02%
Published
2004-12-31
Updated
2008-09-05
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.
Max CVSS
7.5
EPSS Score
24.68%
Published
2004-12-31
Updated
2017-07-11
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
Max CVSS
5.0
EPSS Score
4.94%
Published
2005-05-02
Updated
2017-07-11
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.
Max CVSS
7.5
EPSS Score
6.49%
Published
2005-05-02
Updated
2017-07-11

CVE-2005-1348

Public exploit
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
Max CVSS
7.5
EPSS Score
95.62%
Published
2005-05-02
Updated
2016-10-18
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
Max CVSS
5.0
EPSS Score
0.33%
Published
2005-05-31
Updated
2008-09-05
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2005-07-12
Updated
2008-09-05
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
Max CVSS
5.0
EPSS Score
0.76%
Published
2005-07-12
Updated
2008-09-05
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.
Max CVSS
6.5
EPSS Score
1.16%
Published
2005-12-20
Updated
2016-10-18
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.
Max CVSS
5.0
EPSS Score
6.70%
Published
2006-02-01
Updated
2017-07-20
Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails".
Max CVSS
5.0
EPSS Score
1.95%
Published
2006-03-21
Updated
2017-07-20
Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.
Max CVSS
10.0
EPSS Score
0.30%
Published
2006-04-15
Updated
2008-09-05
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
Max CVSS
5.0
EPSS Score
7.28%
Published
2006-06-28
Updated
2018-10-18
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.
Max CVSS
10.0
EPSS Score
50.82%
Published
2006-12-19
Updated
2018-10-17
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
Max CVSS
4.3
EPSS Score
2.45%
Published
2007-02-15
Updated
2018-10-16
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
Max CVSS
5.1
EPSS Score
1.92%
Published
2007-02-15
Updated
2018-10-16
Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands.
Max CVSS
7.8
EPSS Score
3.47%
Published
2008-03-10
Updated
2017-09-29
Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.
Max CVSS
9.0
EPSS Score
18.95%
Published
2008-03-10
Updated
2018-10-11
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.
Max CVSS
9.0
EPSS Score
23.29%
Published
2008-03-10
Updated
2018-10-11
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!