Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12924 | 1 Mailenable | 1 Mailenable | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users). | |||||
| CVE-2015-9280 | 1 Mailenable | 1 Mailenable | 2019-10-03 | 5.0 MEDIUM | 10.0 CRITICAL |
| MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | |||||
| CVE-2015-9278 | 1 Mailenable | 1 Mailenable | 2019-02-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | |||||
| CVE-2015-9277 | 1 Mailenable | 1 Mailenable | 2019-01-17 | 7.5 HIGH | 9.1 CRITICAL |
| MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | |||||