GCVE - cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*

part: a version: 1.103 update: *

Vendor	Mailenable (`ac781917-bc09-5845-a37c-c45d67bfa524`)
Product	Mailenable Professional (`bdb29d49-6385-5ec9-ae52-712a313e23f1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-0652`	vulnerable	2026-06-08 04:49:32.987066	Details available Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. Published: 2007-02-15T23:00:00.000Z Updated: 2024-08-07T12:26:54.322Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/2258 http://secunia.com/advisories/23998 http://www.securityfocus.com/archive/1/460063/100/0/threaded http://osvdb.org/33191 http://www.vupen.com/english/advisories/2007/0595	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0651`	vulnerable	2026-06-08 04:49:32.977418	Details available Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. Published: 2007-02-15T23:00:00.000Z Updated: 2024-08-07T12:26:54.317Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/2258 http://secunia.com/advisories/23998 http://www.mailenable.com/Professional20-ReleaseNotes.txt http://osvdb.org/33189 http://osvdb.org/33190	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3277`	vulnerable	2026-06-08 04:49:08.819011	Details available The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument. Published: 2006-06-28T22:00:00.000Z Updated: 2024-08-07T18:23:20.680Z Open on db.gcve.eu Reference links http://www.mailenable.com/hotfix/mesmtpc.zip https://exchange.xforce.ibmcloud.com/vulnerabilities/27387 http://securitytracker.com/id?1016376 http://www.vupen.com/english/advisories/2006/2520 http://secunia.com/advisories/20790	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Mailenable Professional

PURL mappings

Vulnerability references

Contribute