Search
Search Results (49 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2026-04-16 | 7.5 High |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2002-1076 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. | ||||
| CVE-2000-0019 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| IMail POP3 daemon uses weak encryption, which allows local users to read files. | ||||
| CVE-2004-2401 | 1 Ipswitch | 1 Imail Express | 2026-04-16 | N/A |
| Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text." | ||||
| CVE-2006-4379 | 1 Ipswitch | 3 Imail Plus, Imail Secure Server, Ipswitch Collaboration Suite | 2026-04-16 | N/A |
| Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. | ||||
| CVE-2017-12638 | 1 Ipswitch | 1 Imail Server | 2025-04-20 | N/A |
| Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. | ||||
| CVE-2017-12639 | 1 Ipswitch | 1 Imail Server | 2025-04-20 | N/A |
| Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. | ||||
| CVE-2014-3878 | 1 Ipswitch | 1 Imail Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | ||||
| CVE-2011-1430 | 1 Ipswitch | 1 Imail | 2025-04-11 | N/A |
| The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | ||||