GCVE - cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*

part: a version: 5.0 update: *

Vendor	Ipswitch (`f980cf58-ade3-5008-97dc-5202aeb62886`)
Product	Imail (`986a46cb-a46f-5cad-ad2a-db7759fd395b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1430`	vulnerable	2026-06-03 14:31:01.429382	Details available The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Published: 2011-03-16T22:00:00.000Z Updated: 2024-08-06T22:28:41.210Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/MAPG-8DBRD4 https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 http://www.osvdb.org/71020 http://secunia.com/advisories/43676 http://www.securityfocus.com/bid/46767	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2423`	vulnerable	2026-06-03 14:26:47.444134	Details available Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content." Published: 2005-08-18T04:00:00.000Z Updated: 2024-08-08T01:29:12.845Z Open on db.gcve.eu Reference links http://www.osvdb.org/9553 https://exchange.xforce.ibmcloud.com/vulnerabilities/17220 http://www.securityfocus.com/bid/11106 http://secunia.com/advisories/12453 http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2422`	vulnerable	2026-06-03 14:26:47.430462	Details available Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. Published: 2005-08-18T04:00:00.000Z Updated: 2024-08-08T01:29:12.863Z Open on db.gcve.eu Reference links http://www.osvdb.org/9552 https://exchange.xforce.ibmcloud.com/vulnerabilities/17222 https://exchange.xforce.ibmcloud.com/vulnerabilities/17219 http://www.osvdb.org/9554 http://www.securityfocus.com/bid/11106	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0777`	vulnerable	2026-06-03 14:26:15.052799	Details available Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T03:03:47.929Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/9116.php http://www.securityfocus.com/bid/4780 http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0780`	vulnerable	2026-06-03 14:25:59.888258	Details available The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:28:41.571Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=96767207207553&w=2 http://www.ipswitch.com/Support/IMail/news.html http://www.securityfocus.com/bid/1617	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0301`	vulnerable	2026-06-03 14:25:42.919597	Details available Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:14:21.102Z Open on db.gcve.eu Reference links http://support.ipswitch.com/kb/IM-20000208-DM02.htm http://marc.info/?l=bugtraq&m=95505800117143&w=2 http://www.securityfocus.com/bid/1094	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-1551`	vulnerable	2026-06-03 14:25:42.449075	Details available Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL. Published: 2001-09-12T04:00:00.000Z Updated: 2024-08-01T17:18:07.520Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/1898 http://www.securityfocus.com/bid/505 http://marc.info/?l=bugtraq&m=92038879607336&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-1497`	vulnerable	2026-06-03 14:25:42.376515	Details available Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. Published: 2001-09-12T04:00:00.000Z Updated: 2024-08-01T17:18:07.510Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/39329 http://www.securityfocus.com/bid/880	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-1171`	vulnerable	2026-06-03 14:25:42.010540	Details available IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Published: 2001-09-12T04:00:00.000Z Updated: 2024-08-01T17:02:53.739Z Open on db.gcve.eu Reference links http://marc.info/?l=ntbugtraq&m=91816507920544&w=2 http://www.securityfocus.com/bid/218	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-1170`	vulnerable	2026-06-03 14:25:42.010244	Details available IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Published: 2001-09-12T04:00:00.000Z Updated: 2024-08-01T17:02:53.755Z Open on db.gcve.eu Reference links http://marc.info/?l=ntbugtraq&m=91816507920544&w=2 http://www.securityfocus.com/bid/218	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-1046`	vulnerable	2026-06-03 14:25:41.866560	Details available Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. Published: 2001-09-12T04:00:00.000Z Updated: 2024-08-01T16:55:29.460Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/504 http://marc.info/?l=bugtraq&m=92038879607336&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/1897	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.