Every CVE whose affected-product data names Ipswitch Imail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2002-0777 — CVSS 10.0 (critical): Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind…
CVE-2005-1255 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions…
CVE-2004-0297 — CVSS 10.0 (critical): Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows…
CVE-2005-1256 — CVSS 10.0 (critical): Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before…
CVE-1999-1046 — CVSS 10.0 (critical): Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via…
CVE-2007-1637 — CVSS 9.3 (critical): Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers…
CVE-2007-2795 — CVSS 9.0 (critical): Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1)…
CVE-2001-1284 — CVSS 7.5 (high): Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other…
CVE-2007-5094 — CVSS 7.5 (high): Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute…
CVE-2005-2160 — CVSS 7.5 (high): IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2002-1076 — CVSS 7.5 (high): Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long…
CVE-2001-1283 — CVSS 7.5 (high): The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a…
CVE-2001-0494 — CVSS 7.5 (high): Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long…
CVE-2001-1211 — CVSS 7.5 (high): Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information…
CVE-2001-1287 — CVSS 7.5 (high): Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET…
CVE-2001-1286 — CVSS 7.5 (high): Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the…
CVE-1999-1497 — CVSS 7.2 (high): Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for…
CVE-2011-1430 — CVSS 6.8 (medium): The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows…
CVE-2000-0780 — CVSS 6.4 (medium): The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
CVE-2001-1285 — CVSS 5.0 (medium): Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of…
CVE-2001-1281 — CVSS 5.0 (medium): Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by…
CVE-2001-1280 — CVSS 5.0 (medium): POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote…
CVE-2001-0039 — CVSS 5.0 (medium): IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user…
CVE-2000-0825 — CVSS 5.0 (medium): Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is…
CVE-2002-1077 — CVSS 5.0 (medium): IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request…
CVE-2001-1282 — CVSS 5.0 (medium): Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to…
CVE-2000-0301 — CVSS 5.0 (medium): Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
CVE-2000-0056 — CVSS 5.0 (medium): IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
CVE-1999-1557 — CVSS 5.0 (medium): Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial…
CVE-1999-1551 — CVSS 5.0 (medium): Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary…
CVE-2004-2422 — CVSS 5.0 (medium): Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender…
CVE-2004-2423 — CVSS 5.0 (medium): Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of…
CVE-2005-1252 — CVSS 5.0 (medium): Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix…
CVE-2005-1254 — CVSS 5.0 (medium): Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2…
CVE-2004-1520 — CVSS 4.6 (medium): Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE…
CVE-1999-1171 — CVSS 4.6 (medium): IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to…
CVE-1999-1170 — CVSS 4.6 (medium): IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.