Multiple security problems and vulnerabilities have been reported in Ipswitch IMail, the Web-based mail server.
These problems could involve the disclosure of important data about the server on which IMail is running, as happens when attached files are sent and the complete file path is displayed. This information could be used maliciously to map the server's directory structure, which could in turn enable attacks to be launched.
Another Ipswitch IMail vulnerability could allow unauthorised access to user information in the Web messaging service. By modifying a hidden variable, an attacker can specify another user's identifier to access the change details form. The problem could become more serious still, given that a person with authorization could view other users' mailboxes.
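The flaw class described above (a hidden form variable trusted as the user identifier) is shown here next to a server-side check that closes it. This is an added illustration, not IMail code: the field name `userid`, the session tokens, the function names and the sample data are all hypothetical.

```python
# Constructed sample data: session token -> authenticated user, and stored details.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
DETAILS = {"alice": {"fullname": "Alice A."}, "bob": {"fullname": "Bob B."}}


class Forbidden(Exception):
    """Raised when a request is unauthenticated or targets another account."""


def load_form_vulnerable(session_token, form):
    """Flawed pattern: any valid session may name any account via the hidden field."""
    if session_token not in SESSIONS:
        raise Forbidden("no session")
    # The client-supplied identifier decides whose record is returned.
    return DETAILS[form["userid"]]


def load_form_hardened(session_token, form, audit):
    """Identity comes from the server-side session; the hidden field is only cross-checked."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Forbidden("no session")
    claimed = form.get("userid", owner)
    if claimed != owner:
        # A mismatch never happens in normal use, so record it for detection.
        audit.append({"event": "userid_mismatch",
                      "session_user": owner, "claimed": claimed})
        raise Forbidden("identifier does not match session")
    return DETAILS[owner]


if __name__ == "__main__":
    tampered = {"userid": "bob"}          # hidden field edited by alice's browser
    print("vulnerable:", load_form_vulnerable("tok-alice", tampered))
    log = []
    try:
        load_form_hardened("tok-alice", tampered, log)
    except Forbidden as exc:
        print("hardened: rejected,", exc, log)
```

The audit entries written on a mismatch give defenders a log signal for tampering attempts against the form.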
The Web Calendar feature in IMail is also affected by a buffer overflow that could allow an attacker to run code with system privileges. This kind of attack could be carried out using a specially crafted GET request.
Anyone using Ipswitch software can obtain available patches and upgrades at:
http://www.ipswitch.com/Support/IMail/patch-upgrades.html