Product
mailenable
89 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44400
CVE-2026-32852
CVE-2026-32851
CVE-2026-32850
CVE-2025-34428
CVE-2025-34427
CVE-2025-34424
CVE-2025-34423
CVE-2025-34422
CVE-2025-34421
CVE-2025-34420
CVE-2025-34419
CVE-2025-34418
CVE-2025-34417
CVE-2025-34416
CVE-2025-34425
CVE-2025-34409
CVE-2025-34408
CVE-2025-34407
CVE-2025-34406
CVE-2025-34404
CVE-2025-34403
CVE-2025-34402
CVE-2025-34401
CVE-2025-34400
CVE-2025-34399
CVE-2025-34398
CVE-2025-34397
CVE-2025-34396
CVE-2025-44148
CVE-2022-42136
CVE-2019-12927
CVE-2019-12926
CVE-2019-12925
CVE-2019-12924
CVE-2019-12923
CVE-2015-9280
CVE-2015-9279
CVE-2015-9278
CVE-2015-9277
CVE-2012-2588
CVE-2012-0389
CVE-2010-2580
CVE-2008-3449
CVE-2008-1277
CVE-2008-1276
CVE-2008-1275
CVE-2007-1301
CVE-2007-0652
CVE-2007-0651
CVE-2007-0955
CVE-2006-6997
CVE-2006-6964
CVE-2006-6605
CVE-2006-6484
CVE-2006-6423
CVE-2006-6291
CVE-2006-6290
CVE-2006-6239
CVE-2006-5177
CVE-2006-5176
CVE-2006-4616
CVE-2006-3277
CVE-2006-1792
CVE-2006-1338
CVE-2006-1337
CVE-2006-0504
CVE-2006-0503
CVE-2005-4457
CVE-2005-4456
CVE-2005-4402
CVE-2005-3993
CVE-2005-3813
CVE-2005-3690
CVE-2005-3155
CVE-2005-2278
CVE-2005-2223
CVE-2005-2222
CVE-2005-1781
CVE-2005-1348
CVE-2005-1015
CVE-2005-1014
CVE-2005-1013
CVE-2005-0804
CVE-2004-2727
CVE-2004-2726
CVE-2004-2501
CVE-2004-2194
CVE-2002-2357
< 10.56
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal tha
< 10.55
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows re
< 10.55
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows re
< 10.55
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows re
< 10.54
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential comp
< 10.54
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential comp
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the WindowContext parameter of
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/Co
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mond
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mond
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mon
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of
< 10.54
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobil
< 10.54
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. Th
< 10.00
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failu
< 8.66
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS u
>= 6.0 and < 6.90
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session
>= 6.0 and < 6.90
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possib
>= 6.0 and < 6.90
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could ad
>= 6.0 and < 6.90
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an un
>= 6.0 and < 6.90
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented c
< 8.60
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
< 8.60
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
< 8.60
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in
< 8.60
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files bec
all versions
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web sc
<= 4.26
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and ea
<= 4.25
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers
all versions
MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP co
<= 3.13
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers
<= 3.13
Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and ear
<= 3.0
Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier,
all versions
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote
all versions
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary
all versions
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitr
<= 2.35
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial
all versions
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73,
all versions
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allo
<= 2.35
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; a
all versions
The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and E
all versions
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional
>= 1.1 and <= 1.40
Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable E
all versions
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through
all versions
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty pa
all versions
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code vi
all versions
Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitr
all versions
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a de
all versions
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the
all versions
Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Ent
all versions
Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denia
<= 1.2
Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Ente
all versions
Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU ut
all versions
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) v
all versions
MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute
all versions
Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause
<= 1.71
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to
<= 1.6
Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to
all versions
IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a deni
<= 1.6
Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and ea
all versions
Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary
all versions
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execut
all versions
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to
all versions
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
all versions
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
<= 1.54
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to
all versions
Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
all versions
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to ex
all versions
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a de
all versions
Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format
all versions
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of serv
all versions
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remo
all versions
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to
all versions
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of servic
all versions
MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly d