CVE-2011-1430

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plai...

CVE-1999-1551

Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.

CVE-2000-0301

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

CVE-2004-2422

Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.

CVE-1999-1497

Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.

CVE-2000-0780

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.

CVE-2002-0777

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.

CVE-2000-0056

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

CVE-2004-2423

Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."