Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mailessentials
(Gfi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-28 | CVE-2025-34489 | GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. | Mailessentials | 7.8 | ||
| 2025-04-28 | CVE-2025-34490 | GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. | Mailessentials | 6.5 | ||
| 2025-04-28 | CVE-2025-34489 | GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. | Mailessentials | 7.8 | ||
| 2025-04-28 | CVE-2025-34490 | GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. | Mailessentials | 6.5 | ||
| 2025-04-28 | CVE-2025-34489 | GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. | Mailessentials | 7.8 | ||
| 2025-04-28 | CVE-2025-34490 | GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. | Mailessentials | 6.5 | ||
| 2025-04-28 | CVE-2025-34491 | GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup. | Mailessentials | 8.8 | ||
| 2005-01-03 | CVE-2004-1312 | A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. | Mailessentials, Mailsecurity | N/A |