Imail

imail

Vendor: Ipswitch • 38 CVEs

CVEs (38)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2001-1285 1Ipswitch 1Imail Apr 16, 2026 Oct 12, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
CVE-2001-1284 1Ipswitch 1Imail Apr 16, 2026 Oct 12, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVE-2001-1283 1Ipswitch 1Imail Apr 16, 2026 Oct 12, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs...Show more The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.Show less
CVE-2001-1282 1Ipswitch 1Imail Apr 16, 2026 Oct 12, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
CVE-2001-1281 1Ipswitch 1Imail Apr 16, 2026 Oct 12, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
CVE-2001-1280 1Ipswitch 1Imail Apr 16, 2026 Oct 12, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
CVE-2001-0494 1Ipswitch 1Imail Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
CVE-2001-0039 1Ipswitch 1Imail Apr 16, 2026 Feb 16, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
CVE-2000-0825 1Ipswitch 1Imail Apr 16, 2026 Nov 14, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
CVE-2000-0780 1Ipswitch 1Imail Apr 16, 2026 Oct 20, 2000 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
CVE-2000-0301 1Ipswitch 1Imail Apr 16, 2026 Apr 6, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
CVE-2000-0056 1Ipswitch 1Imail Apr 16, 2026 Jan 5, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
CVE-1999-1497 1Ipswitch 1Imail Apr 16, 2026 Dec 21, 1999 N/A· v4 N/A· v3 7.2 HIGH· v2 Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
CVE-2000-0019 1Ipswitch 1Imail Apr 16, 2026 Mar 4, 1999 N/A· v4 N/A· v3 2.1 LOW· v2 IMail POP3 daemon uses weak encryption, which allows local users to read files.
CVE-1999-1551 1Ipswitch 1Imail Apr 16, 2026 Mar 2, 1999 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
CVE-1999-1046 1Ipswitch 1Imail Apr 16, 2026 Mar 1, 1999 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
CVE-1999-1171 2Ipswitch Progress 2Imail Ws Ftp Server Apr 16, 2026 Feb 2, 1999 N/A· v4 N/A· v3 4.6 MEDIUM· v2 IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-1999-1170 2Ipswitch Progress 2Imail Ws Ftp Server Apr 16, 2026 Jan 2, 1999 N/A· v4 N/A· v3 4.6 MEDIUM· v2 IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.

Previous 12