| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2001-1282 | 5.0 |
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
|
10-09-2008 - 19:10 | 12-10-2001 - 04:00 | |
| CVE-2001-1283 | 7.5 |
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2
|
10-09-2008 - 19:10 | 12-10-2001 - 04:00 | |
| CVE-2001-1284 | 7.5 |
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
|
10-09-2008 - 19:10 | 12-10-2001 - 04:00 | |
| CVE-2001-1286 | 7.5 |
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
|
10-09-2008 - 19:10 | 12-10-2001 - 04:00 | |
| CVE-2001-1285 | 5.0 |
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
|
10-09-2008 - 19:10 | 12-10-2001 - 04:00 |