ID CVE-2007-0652
Summary Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
References
Vulnerable Configurations
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.83:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.34:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.35:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.351:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 16-10-2018 - 16:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 22554
bugtraq 20070214 Secunia Research: MailEnable Web Mail Client Multiple Vulnerabilities
misc http://secunia.com/secunia_research/2007-38/advisory/
osvdb 33191
secunia 23998
sreason 2258
vupen ADV-2007-0595
Last major update 16-10-2018 - 16:33
Published 15-02-2007 - 23:28
Last modified 16-10-2018 - 16:33