CVE-2006-6964

MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.

Published: Jan 29, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-6964
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mailenable / mailenable_professional	1.7	1.7.x
mailenable / mailenable_professional	1.71	1.71.x
mailenable / mailenable_professional	1.75	1.75.x
mailenable / mailenable_professional	1.72	1.72.x
mailenable / mailenable_professional	1.77	1.77.x
mailenable / mailenable_professional	1.74	1.74.x
mailenable / mailenable_professional	1.76	1.76.x
mailenable / mailenable_professional	1.73	1.73.x

http://securitytracker.com/id?1016337
http://www.mailenable.com/Professional1-ReleaseNotes.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/27185

Vulnerability Database

290,278

CVE-2006-6964