102 matches found
Debian DLA-1443-1 : evolution-data-server security update
It was discovered that there was a protocol implementation error in evolution-data-server where 'STARTTLS not supported' errors from IMAP servers were ignored leading to the use of insecure connections without the user's knowledge or consent. For Debian 8 'Jessie', this issue has been fixed in...
ALPINE-CVE-2017-1000257
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...
cURL buffer overflow vulnerability (CNVD-2017-35204)
cURL is a file transfer tool that works at the command line using URL syntax. A buffer overflow vulnerability exists in cURL. By returning a specially crafted IMAP FETCH response, a remote user can trigger a buffer overrun in the IMAP handler and obtain potentially sensitive information from the...
ALPINE-CVE-2017-7703
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly...
The vulnerability of the Dovecot mail server, which allows a remote attacker to cause a service failure
The Dovecot software contains a bug in the implementation of the IMAP protocol /imap/cmd-append.c. A malicious actor can cause a service failure by using a specially crafted network packet with an incorrectly set “APPEND” parameter, thereby causing the software to enter an infinite loop...
CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the 1 IMAP, 2 POP3, or 3 SMTP protocol...
CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the 1 IMAP, 2 POP3, or 3 SMTP protocol...
Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow
Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is an implementation of the server side of the IMAP protocol. A Buffer overflow vulnerability has been reported in Ipswitch IMail Server List...
[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
IBM Lotus Notes Attachment Viewer UUE File Handling Buffer Overflow (CVE-2005-2618)
Lotus Notes is a client-server collaborative software and email system provided by IBM. The Lotus Notes email client application is capable of communicating with email servers over the SMTP, POP and IMAP protocols. There exists a buffer overflow vulnerability in IBM Lotus Notes Attachment Viewer...
Ipswitch IMail Server Imailsec.dll Heap Buffer Overflow (CVE-2007-2795)
Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is a server-side implementation of the IMAP protocol. There exists a heap overflow vulnerability in Ipswitch IMail Server IMAP component. The...
GNU Mailutils imap4d SEARCH Format String (CVE-2005-2878)
The Internet Message Access Protocol IMAP specifies a protocol for the access and manipulation of electronic mail. The protocol permits the manipulation of mailboxes on a remote server and allows a remote client, among other operations, to create, delete, or rename mailboxes on the server side. T...
GNU Mailutils imap4d Format String (CVE-2005-1523)
The Internet Message Access Protocol IMAP specifies a protocol for the access and manipulation of electronic mail. The protocol permits the manipulation of mailboxes on a remote server and allows a remote client, among other operations, to create, delete, or rename mailboxes on the server side. T...
The use of injection techniques to attack the mail server and defenses(a)-vulnerability warning-the black bar safety net
This article will detail through the talk to mail server communication of a Web application, i.e., the webmail application to inject some mail protocolsIMAP and SMTP Protocolcommands to attack a mail server of the principles, methods and defenses. A Webmail application role Webmail app through IM...
Preemptive Protection against Mercury Mail IMAP Buffer Overflow Vulnerability
Multiple buffer overflow vulnerabilities exist in Mercury Mail Transport System. Mercury Mail Transport System is a free mail server program that supports various email access and exchange protocols, including the Internet Message Access Protocol IMAP. IMAP is a standard protocol for accessing...
MERCUR imapd SUBSCRIBE command buffer overflow
Added: 03/27/2007 CVE: CVE-2007-1579 BID: 23050 OSVDB: 33546 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by...
SquirrelMail: Cross-site scripting and IMAP command injection
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...
imap security update
CentOS Errata and Security Advisory CESA-2005:850 An updated imap package that fixes a buffer overflow issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The imap package provides server daemons for both the IMAP Internet...
FTGate4 Groupware Mail Server 4.1 - imapd Remote Buffer Overflow (PoC)
FTGate4 Groupware Mail Server 4.1 - imapd Remote Buffer Overflow PoC !/usr/bin/perl use IO::Socket; print "\nFTGate Imapd BufferOverrun\nLuca Ercoli [email protected]\n"; print "http://www.lucaercoli.it\n\n\n"; $host = "localhost"; $remote = IO::Socket::INET-new Proto = "tcp", PeerAddr = $host,...
FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
No description provided by source. !/usr/bin/perl use IO::Socket; print "\nFTGate Imapd BufferOverrun\nLuca Ercoli [email protected]\n"; print "http://www.lucaercoli.it\n\n\n"; $host = "localhost"; $remote = IO::Socket::INET-new Proto = "tcp", PeerAddr = $host, PeerPort = "143", ; unless $remote...