ALT-N MDaemon POP Server < 9.06 USER / APOP Command Overflow

Binary data 3734.prm...

MDaemon POP3 Server &lt; 9.06 - &#039;USER&#039; Remote Buffer Overflow (PoC)

PoC for Mdaemon POP3 preauth heap overflow Coded by Leon Juranic Infigo IS $host = '192.168.0.105'; use IO::Socket; for $x = 0 ; $x $host,PeerPort = '110', Proto = 'tcp' || die "socket error\n\n"; recv $sock, $var, 10000,0; print $var; print $sock "USER " . "@A" x 160 . "\r\n"; recv $sock, $var,...

[Full-disclosure] MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable

Hello this is kcope, recently I thought I had discovered a remote preauth vulnerability in MDaemon latest version 9.0.1/9.0.2. And it really looked like one in the debugger OllyDbg .. so I posted it to full disclosure. Afterwards I tried to write an exploit, and yes I succeeded! But the problem i...

Buffer overflow

Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' double quote...

CVE-2006-2646

Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' double quote...

CVE-2006-2646

Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' double quote...

CVE-2006-2646

CVE-2006-2646 is a buffer overflow in Alt-N MDaemon (likely affected versions up to 9.0.1 and earlier) that allows remote attackers to execute arbitrary code. The overflow occurs via a long A0001 argument that begins with a double quote (""). The connected sources provide the same description acr...

[Full-disclosure] *zeroday warez* MDAEMON LATEST VERSION PREAUTH REMOTE ROOT HOLE *zeroday warez*

MDAEMON LATEST VERSION PREAUTH REMOTE ROOT HOLE zeroday discovered by kcope kingcopeatgmx.net !!! shouts to alex,wY!,bogus,revoguard,adizeone Description There's a remotely exploitable preauthentication hole in Alt-N MDaemon. It is a Heap Overflow in the IMAP Daemon. It can be triggered by sendin...

MDaemon buffer overflow

Buffer overflow on oversized quoted string in IMAP commands. Vulnerability exploitation is probably impossible...

Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow

source: https://www.securityfocus.com/bid/18129/info Alt-N MDaemon IMAP Server is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This iss...

Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow

Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow source: https://www.securityfocus.com/bid/18129/info Alt-N MDaemon IMAP Server is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to...

MDaemon < 8.1.4 Remote Overflow

Binary data 3634.prm...

MDaemon WebAdmin 2.0.X SQL injection

No description provided by source. Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL...

MDaemon WebAdmin 2.0.x - SQL Injection

Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL INJ&View=User...

MDaemon WebAdmin 2.0.x - SQL Injection

MDaemon WebAdmin 2.0.x - SQL Injection Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL...

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

CVE-2006-0925

Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service CPU consumption by creating and then listing folders whose names contain format string specifiers...