[CLOSE] OSVDB ID : 64897 - Disclosed: 2010-02-04

Description:

In the default configuration, IMail grants "Full Control" access to "Internet Guest Account" to the "HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\[domain name]\Users" registry keys which contains the user names and passwords. The passwords can be converted to plain text (see OSVDB-64898)

[CLOSE] OSVDB ID : 30085 - Disclosed: 2006-06-30

Description:

(Description Provided by CVE) : Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission.

[CLOSE] OSVDB ID : 92879 - Disclosed: 2013-04-29

Description:

Ipswitch IMail Server contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the email body before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 1276 - Disclosed: 2000-04-06

Description:

(Description Provided by CVE) : Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

[CLOSE] OSVDB ID : 39390 - Disclosed: 2007-09-21

Description:

(Description Provided by CVE) : Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line.

[CLOSE] OSVDB ID : 45818 - Disclosed: 2007-07-19

Description:

(Description Provided by CVE) : Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."

[CLOSE] OSVDB ID : 68211 - Disclosed: 2010-09-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 21499 - Disclosed: 2005-12-06

Description:

(Description Provided by CVE) : The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.

[CLOSE] OSVDB ID : 69024 - Disclosed: 2010-09-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66438 - Disclosed: 2010-07-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66437 - Disclosed: 2010-07-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6118 - Disclosed: 1998-03-10

Description:

Ipswitch IMail Server contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service. By sending a HELO command containing 1024 or more characters to port 25, an attacker will crash the server.

[CLOSE] OSVDB ID : 44952 - Disclosed: 2007-07-19

Description:

(Description Provided by CVE) : Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."

[CLOSE] OSVDB ID : 66436 - Disclosed: 2010-07-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66435 - Disclosed: 2010-07-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39388 - Disclosed: 2007-08-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 21498 - Disclosed: 2005-12-06

Description:

(Description Provided by CVE) : Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.

[CLOSE] OSVDB ID : 28576 - Disclosed: 2006-09-06

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.

[CLOSE] OSVDB ID : 68210 - Disclosed: 2010-09-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 71020 - Disclosed: 2011-03-07

Description:

Ipswitch IMail Server contains a flaw related to the TLS implementation failing to properly clear transport layer buffers when changing from plaintext to ciphertext upon receipt of the 'STARTTLS' command. This may allow a remote attacker to inject arbitrary plaintext data which will be executed upon transition to ciphertext.

[CLOSE] OSVDB ID : 45819 - Disclosed: 2007-07-19

Description:

(Description Provided by CVE) : Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."

[CLOSE] OSVDB ID : 6116 - Disclosed: 1998-03-11

Description:

Ipswitch IMail Server contains a flaw that allows a remote attacker to crash the server. By sending a VRFY command containing 1024 or more characters to port 25, an attacker will crash the server.

[CLOSE] OSVDB ID : 33648 - Disclosed: 2007-03-07

Description:

(Description Provided by CVE) : Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.

[CLOSE] OSVDB ID : 23796 - Disclosed: 2006-03-09

Description:

A remote overflow exists in Ipswitch IMail Server and Collaboration Suite. The product fails to verify the length of a buffer associated with the FETCH command resulting in a buffer overflow. With a specially crafted command, an attacker can cause the server to crash or possibly execute arbitrary code resulting in a loss of availability or integrity.

[CLOSE] OSVDB ID : 23824 - Disclosed: 2006-03-09

Description:

IMail Server and Collaboration Suite contain a flaw that may allow a remote denial of service. The issue is triggered when a message with an unspecified crafted message type is sent to the server, and will result in loss of availability by logging out all currently logged-in users.

[CLOSE] OSVDB ID : 1686 - Disclosed: 2000-12-07

Description:

(Description Provided by CVE) : IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.

[CLOSE] OSVDB ID : 5610 - Disclosed: 2001-04-24

Description:

A local overflow exists in IPSwitch IMail SMTP daemon. The daemon fails to validate input to the IMail Mailing List handler code resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with system level privileges resulting in a loss of integrity and confidentiality.

[CLOSE] OSVDB ID : 1531 - Disclosed: 2000-08-30

Description:

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.

[CLOSE] OSVDB ID : 83855 - Disclosed: 1999-11-08

Description:

Ipswitch IMail is prone to an overflow condition. The mail server fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted USER command that is between 200 and 500 characters long, a remote attacker can potentially cause a loss of availability.

[CLOSE] OSVDB ID : 9553 - Disclosed: 2004-09-03

Description:

Ipswitch IMail contains a flaw within the web calendar function that may allow an undisclosed denial of service. The issue is triggered when a user submits specially crafted calendar content, and will result in loss of availability for the calendar service.