96 matches found
CVE-2006-2414
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the 1 LIST or 2 DELETE IMAP command...
SquirrelMail: Cross-site scripting and IMAP command injection
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...
[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail
============================================= INTERNET SECURITY AUDITORS ALERT 2006-002 - Original release date: February 27, 2006 - Last revised: February 27, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 ============================================= I. VULNERABILITY...
CVE-2006-0377
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimapmailboxselect command, aka "IMAP injection."...
CVE-2006-0377
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimapmailboxselect command, aka "IMAP injection."...
CVE-2006-0377
CVE-2006-0377 affects SquirrelMail 1.4.0–1.4.5, enabling CRLF injection in the sqimap_mailbox_select path to inject IMAP commands. The Debian/DSA-988 advisory and related OpenVAS entries confirm this trio of vulnerabilities and note a fixed version (Debian: 1.2.6-5 for old Woody; CentOS/Red Hat a...
Buffer overflow
Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl. NOTE: this is a different vector and a different manipulation than CVE-2005-4267, so it...
CVE-2005-4267
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "" character, as demonstrated using long 1 LIST, 2 LSUB, 3 SEARCH TEXT, 4 STATUS INBOX, 5 AUTHENTICATE, 6 FETCH, 7 SELECT, and 8 COPY commands...
CVE-2005-3640
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate FTGate4 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command...
MailEnable buffer overflow
Buffer overflow on oversized IMAP command...
SurgeMail < 3.9g2-2 IMAP Command Handling Unspecified DoS
Binary data 4555.prm...
Netscape Messaging Server IMAP LIST Command Remote Overflow
There is a buffer overflow in the remote imap server which allows an authenticated user to obtain a remote shell. A way to reproduce the overflow is to issue the command : list AAAAA...AAAA / %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...
Дырка в Netscape Messaging Server
Классическое переполнение буфера в IMAP-команде list...
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows 2 source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user...
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)
source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash if...
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)
// source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash...