38 matches found
CVE-2011-1430
Technical details for CVE-2011-1430 are not present in the connected documents. The initial description states a STARTTLS plaintext command-injection issue in Ipswitch IMail 11.03 and earlier, but no vendor/product/version/root-cause or remediation details are provided.
CVE-2007-1637
CVE-2007-1637 affects Ipswitch IMail Server prior to 2006.2. Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) allow remote code execution via the IMailServer, IMailLDAPService, and IMailUserCollection components (WebConnect/Connect, Sync3/Init3, and SetReplyTo members)....
CVE-2001-0494
IPSwitch IMail SMTP Buffer Overflow (CVE-2001-0494) affects IMail Server 6.06 and earlier. The OpenVAS/Nessus/NVD entries describe a vulnerability in theIMail SMTP daemon where inadequate bounds checking on input passed to the Mailing List handler allows remote attackers to remotely execute arbit...
CVE-1999-1557
The IMail IMAP server (imapd) from Ipswitch is affected by a buffer overflow in the login functions for IMail 5.0 and earlier. An unauthenticated, remote attacker could trigger a denial of service and possibly execute arbitrary code by sending a long user name or a long password. Mitigation: upgr...
CVE-2000-0825
Ipswitch Imail 6.0 is affected by a denial-of-service vulnerability where a large number of concurrent connections with a long Host header can cause a thread to crash. This CVE (CVE-2000-0825) is described in multiple sources (NVD, CVE List) as enabling remote attacks that disrupt service, but th...
CVE-2001-1285
The CVE-2001-1285 entry describes a directory traversal vulnerability in Ipswitch IMail 7.04 and earlier, exploited via a .. (dot dot) in the mbx parameter to readmail.cgi. Affected component: readmail.cgi in Ipswitch IMail (versions ≤ 7.04). Root cause: improper validation of the mbx parameter a...
CVE-2004-0297
IMail LDAP Service Buffer Overflow (CVE-2004-0297) affects Ipswitch IMail Server’s LDAP daemon (iLDAP.exe 3.9.15.10) and can be triggered by a crafted LDAP message with a large tag length, enabling remote code execution or denial of service. Public details describe that the vulnerability arises f...
CVE-2007-2795
Ipswitch IMail Server IMAP component contains two heap/stack overflow issues: (1) in IMailsec.dll during IMAP LOGIN causing heap corruption, and (2) a long SUBSCRIBE IMAP command causing a stack-based overflow in the IMAP Daemon. Affects Ipswitch IMail Server before version 2006.21 (and related I...
CVE-1999-1171
IPswitch WS_FTP contains a local privilege escalation flaw: by setting the flags registry key to 1920, a local user can gain additional privileges and modify or add mail accounts. The PT-1999-1600 entry confirms this issue but does not specify affected versions, and the original CVE description m...
CVE-2004-1520
CVE-2004-1520 involves a stack-based buffer overflow in the Ipswitch IMail IMAP4D service caused by processing an excessively long DELETE command. It requires a valid IMAP login and password (authenticated access) and can lead to remote code execution with the privileges of the IMAP4d process; im...
CVE-2005-2160
CVE-2005-2160 affects Ipswitch IMail. The connected documents confirm that IMail stores usernames and passwords in cleartext in a cookie, enabling remote attackers to obtain sensitive information. Root cause: credentials exposed in a cookie; impact is disclosure of credentials (no integrity/avail...
CVE-2001-1281
Web Messaging Server for Ipswitch IMail 7.04 and earlier is affected. The vulnerability allows remote authenticated users to change information for other users by modifying the olduser parameter in the Change User Information web form. Documented impact is information integrity on user data; expl...
CVE-2001-0039
IPSwitch IMail SMTP Buffer Overflow affects the IMail SMTP daemon (versions
CVE-2001-1287
CVE-2001-1287 describes a buffer overflow in the Web Calendar component of Ipswitch IMail versions up to 7.04 and earlier. The vulnerability allows remote attackers to execute arbitrary code by sending a long HTTP GET request to the affected Web Calendar interface. The provided connected records ...
CVE-1999-1551
The CVE-1999-1551 entry relates to a buffer overflow in Ipswitch IMail Service 5.0. The vulnerability is triggered by a long URL, allowing an attacker to cause a denial of service (crash) and potentially execute arbitrary commands. The connected documents confirm the affected product and the unde...
CVE-2000-0301
CVE-2000-0301 affects Ipswitch IMAIL server 6.02 and earlier. The issue enables remote attackers to cause a denial of service by sending the AUTH CRAM-MD5 command, impacting availability. The record lists a network-exposed attack with no authentication and a partial availability impact (CVSS v2 b...
CVE-2001-1286
Ipswitch IMail 7.04 and earlier stores a user’s session ID in a URL, enabling session hijacking if an attacker can obtain the URL (e.g., via an HTML email that causes the Referrer to reveal the URL under the attacker’s control). Affected product: Ipswitch IMail Web Interface. Root cause: session ...
CVE-2005-1252
CVE-2005-1252 affects Ipswitch IMail Web Calendaring server. A directory traversal flaw in handling requests for nonexistent .jsp resources lets an unauthenticated remote attacker read arbitrary files via crafted GET requests (e.g., ..\ sequences). Affects IMail 8.13 and earlier versions up to IM...
CVE-2005-1255
CVE-2005-1255 refers to multiple stack-based buffer overflows in the IMail IMAP server (Ipswitch Collaboration Suite and related IMail Server versions). The vulnerability allows a remote attacker to cause arbitrary code execution by sending a crafted LOGIN command with an overly long username arg...
CVE-1999-1046
IMail 5.0 is affected by a buffer overflow in the IMonitor service. The flaw can be triggered by sending a long string to port 8181, enabling remote denial of service and potentially arbitrary command execution. No remediation details are provided in the supplied documents.
CVE-1999-1170
IPswitch IMail vulnerability enables local privilege escalation by setting the registry key flags to 1920. The issue allows a local user to gain additional privileges and modify or add mail accounts, by manipulating the flags value in the registry. Affected versions are not specified in the provi...
CVE-2004-2422
CVE-2004-2422 affects Ipswitch IMail Server prior to 8.13. The vulnerability is a denial of service via malformed input: a long sender field to the Queue Manager or a long To field to the Web Messaging component. OpenVAS notes this version includes multiple buffer overflows in the IMail web inter...
CVE-2000-0056
CVE-2000-0056 affects the IMail server’s IMONITOR status.cgi CGI script. The vulnerability is described as allowing remote attackers to cause a denial of service by issuing many requests to status.cgi, impacting availability. The connected Nessus plugin expands the context to a potential buffer o...
CVE-2005-1256
A stack-based buffer overflow vulnerability in Ipswitch IMail’s IMAP STATUS handling allows remote authentication-enabled attackers to execute arbitrary code. A long mailbox name in the STATUS command can overflow IMAPD32.EXE (IMail 8.13 in Ipswitch Collaboration Suite and earlier versions) and m...
CVE-1999-1497
Ipswitch IMail 5.0 and 6.0 store e‑mail account passwords in registry keys using weak encryption, allowing local attackers to read passwords. Affected component: registry storage of credentials; Root cause: weak cryptography. Impact: local confidentiality and integrity compromise. CVSS base score...
CVE-2000-0780
The CVE-2000-0780 entry concerns the IPSWITCH IMail web server (versions 6.04 and earlier) vulnerable to a directory-traversal (dot-dot) attack that allows remote attackers to read and delete arbitrary files. The vulnerability is described as affecting the web server component, with impact descri...
CVE-2001-1283
CVE-2001-1283 affects Ipswitch IMail webmail interface (versions 7.04 and earlier). Affected component is the webmail CGI handlers (readmail.cgi and printmail.cgi); remote authenticated users can crash the service via mailbox names containing many dots or other characters, likely due to a buffer ...
CVE-2001-1284
Ipswitch IMail 7.04 and earlier are affected by predictable session IDs used for authentication, enabling remote attackers to hijack other users’ sessions. Root cause: predictable session identifiers in the authentication flow. Impact: remote session hijacking with partial confidentiality/integri...
CVE-2002-0777
CVE-2002-0777: A buffer overflow in the LDAP component of Ipswitch IMail
CVE-2004-2423
CVE-2004-2423 affects Ipswitch IMail Server web calendar component prior to 8.13. Reports in multiple sources (NVD, CVE lists, OpenVAS) describe a denial-of-service via specific content, with OpenVAS noting multiple buffer overflows in the IMail web interface. The vulnerability is triggered remot...
CVE-2007-5094
The CVE pertains to Ipswitch IMail Server (8.01–8.11) where a heap-based buffer overflow in iaspam.dll within the SMTP Server can be triggered by συγκεκριed malformed Content-Type headers (long boundary parameter, a lone “MIME” line, and long Content-Transfer-Encoding lines). This allows remote c...
CVE-2001-1211
Ipswitch IMail 7.0.4 and earlier contains a vulnerability in the CGI programs aliasadmin and listadm1 that allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted on the same server. The issue arises because these CGI scri...
CVE-2005-1254
The CVE-2005-1254 issue affects Ipswitch IMail IMAP server (versions 8.12 and 8.13; older versions before IMail Server 8.2 Hotfix 2 are also mentioned). It is caused by a stack-based buffer overflow when processing long arguments to the SELECT command (approximately 260 bytes), leading to a remot...
CVE-2000-0019
CVE-2000-0019 affects the IMail POP3 daemon. The vulnerability arises from weak encryption, enabling local users to read files with partial confidentiality impact. The provided sources indicate affected versions are not specified and there is no information about a fix in the documents supplied.
CVE-2001-1280
Ipswitch IMail POP3 Server 7.04 and earlier is affected by CVE-2001-1280. The vulnerability stems from the POP3 service responding differently to valid versus invalid usernames, enabling remote attackers to enumerate users on the system. Affected component: POP3 service of Ipswitch IMail 7.04 and...
CVE-2002-1077
IMail Web Calendaring service (iwebcal) in IPSwitch IMail is affected by CVE-2002-1077. A remote attacker can cause a denial of service (crash) by sending an HTTP POST request that lacks a Content-Length header. The description and connected records confirm the affected component and the vulnerab...
CVE-2002-1076
CVE-2002-1076 describes a buffer overflow in the Web Messaging daemon of Ipswitch IMail prior to 7.12. An attacker could trigger the overflow by sending a specially crafted long HTTP GET request for HTTP/1.0, enabling remote code execution. The affected component is the Web Messaging daemon insid...
CVE-2001-1282
CVE-2001-1282 affects Ipswitch IMail versions 7.04 and earlier. The flaw causes the physical path of email attachments to be recorded in the message header, enabling remote attackers to obtain potentially sensitive configuration information. The available documents do not specify the exact root c...