Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mailenable mailenable vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-12927
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.
Mailenable Mailenable
4.3
CVSSv2
CVE-2019-12923
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an malicious user to manipulate...
Mailenable Mailenable
4.3
CVSSv2
CVE-2015-9279
MailEnable prior to 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
Mailenable Mailenable
4.3
CVSSv2
CVE-2012-2588
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.
Mailenable Mailenable 6.5
1 EDB exploit
4.3
CVSSv2
CVE-2012-0389
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and previous versions, 5.x prior to 5.53, and 6.x prior to 6.03 allows remote malicious users to inject arbitrary web script or HTML via the Username parame...
Mailenable Mailenable 3.52
Mailenable Mailenable 3.12
Mailenable Mailenable 3.11
Mailenable Mailenable 3.61
Mailenable Mailenable 1.73
Mailenable Mailenable 3.0
Mailenable Mailenable 3.01
Mailenable Mailenable 4.11
Mailenable Mailenable 1.52
Mailenable Mailenable 1.53
Mailenable Mailenable 1.71
Mailenable Mailenable 1.72
Mailenable Mailenable 4.24
Mailenable Mailenable 4.15
Mailenable Mailenable 1.79
Mailenable Mailenable 3.53
Mailenable Mailenable 1.75
Mailenable Mailenable 1.76
Mailenable Mailenable 3.6
Mailenable Mailenable 1.74
Mailenable Mailenable 4.1
Mailenable Mailenable 4.13
2 EDB exploits
4.3
CVSSv2
CVE-2007-0651
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional prior to 2.37 allow remote malicious users to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in...
Mailenable Mailenable Professional 1.0.007
Mailenable Mailenable Professional 1.0.008
Mailenable Mailenable Professional 1.0.016
Mailenable Mailenable Professional 1.0.017
Mailenable Mailenable Professional 1.106
Mailenable Mailenable Professional 1.107
Mailenable Mailenable Professional 1.114
Mailenable Mailenable Professional 1.115
Mailenable Mailenable Professional 1.18
Mailenable Mailenable Professional 1.19
Mailenable Mailenable Professional 1.54
Mailenable Mailenable Professional 1.6
Mailenable Mailenable Professional 2.0
Mailenable Mailenable Professional 2.1
Mailenable Mailenable Professional 1.0.009
Mailenable Mailenable Professional 1.0.010
Mailenable Mailenable Professional 1.1
Mailenable Mailenable Professional 1.101
Mailenable Mailenable Professional 1.108
Mailenable Mailenable Professional 1.109
Mailenable Mailenable Professional 1.116
Mailenable Mailenable Professional 1.12
4.3
CVSSv2
CVE-2004-2727
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 up to and including 1.7 allows remote malicious users to cause a denial of service (application crash) via a long HTTP GET request.
Mailenable Mailenable 1.6
Mailenable Mailenable 1.7
Mailenable Mailenable 1.5
1 EDB exploit
4
CVSSv2
CVE-2006-6964
MailEnable Professional prior to 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
Mailenable Mailenable Professional 1.73
Mailenable Mailenable Professional 1.74
Mailenable Mailenable Professional 1.7
Mailenable Mailenable Professional 1.77
Mailenable Mailenable Professional 1.71
Mailenable Mailenable Professional 1.72
Mailenable Mailenable Professional 1.75
Mailenable Mailenable Professional 1.76
4
CVSSv2
CVE-2005-3813
IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated malicious users to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690.
Mailenable Mailenable Enterprise 1.1
Mailenable Mailenable Professional 1.7
1 EDB exploit
NA
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an malicious user to store arbitrary code on that files and execute RCE commands.
Mailenable Mailenable
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6