Search
Search Results (86 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12923 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker. | ||||
| CVE-2015-9280 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 10.0 Critical |
| MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | ||||
| CVE-2015-9279 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | ||||
| CVE-2015-9278 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | ||||
| CVE-2015-9277 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | ||||
| CVE-2012-0389 | 1 Mailenable | 1 Mailenable | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. | ||||