GCVE - cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*

part: a version: 2006 update: *

Vendor	Ipswitch (`f980cf58-ade3-5008-97dc-5202aeb62886`)
Product	Imail (`986a46cb-a46f-5cad-ad2a-db7759fd395b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1430`	vulnerable	2026-06-03 14:31:01.450302	Details available The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Published: 2011-03-16T22:00:00.000Z Updated: 2024-08-06T22:28:41.210Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/MAPG-8DBRD4 https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 http://www.osvdb.org/71020 http://secunia.com/advisories/43676 http://www.securityfocus.com/bid/46767	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1637`	vulnerable	2026-06-03 14:28:06.268088	Details available Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. Published: 2007-03-23T22:00:00.000Z Updated: 2024-08-07T13:06:25.360Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2007/0853 http://secunia.com/advisories/24422 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487 http://www.securitytracker.com/id?1017737 http://support.ipswitch.com/kb/IM-20070305-JH01.htm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-2160`	vulnerable	2026-06-03 14:27:01.267037	Details available IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. Published: 2005-07-06T04:00:00.000Z Updated: 2024-08-07T22:15:37.617Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=112060187204457&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0019`	vulnerable	2026-06-03 14:25:42.527693	Details available IMail POP3 daemon uses weak encryption, which allows local users to read files. Published: 2000-02-04T05:00:00.000Z Updated: 2024-08-08T04:58:11.412Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.