77 matches found
SA-CONTRIB-2014-099 - Open Atrium Core - Access bypass
The oacore module contains the base access control mechanism for the Open Atrium distribution OA2. In OA2, file attachments are given the same access permission as the node they are attached to. The vulnerability is when an attachment is removed from a node that has Revisions enabled. It allows...
Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/1056/info WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser. Insufficient boundary checking exists in the code which handles GET...
Atrium Software Mercur Mailserver 3.3/4.0/4.2 IMAP AUTH Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8861/info A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it...
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)
No description provided by source. source: http://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP mail from command, the POP3 user command and the IMAP login command. T...
Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)
No description provided by source. source: http://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP mail from command, the POP3 user command and the IMAP login command. T...
Mercur Messaging 2005 IMAP Login Buffer Overflow
No description provided by source. $Id: mercurlogin.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Mercur Messaging 2005 - IMAP Login Buffer Overflow (Metasploit)
$Id: mercurlogin.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Atrium Software MERCUR IMAPD NTLMSSP Command Handling Memory Corruption (CVE-2007-1578)
The Internet Message Access Protocol IMAP specifies a method for the access and manipulation of electronic mail. The protocol permits the manipulation of mailboxes on a remote server and allows a remote client, among other operations, to create, delete, or rename mailboxes on the server side. The...
Mercur Messaging 2005 IMAP Login Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mercur...
Preemptive Protection against Atrium MERCUR IMAP SUBSCRIBE Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Atrium MERCUR Messaging Server. Atrium MERCUR Messaging Server is a mail application for Windows. The flaw is in the Atrium MERCUR IMAP service. Internet Message Access Protocol IMAP is a standard protocol for accessing e-mail from a local server that...
Atrium Mercur IMapD NTLM缓冲区溢出漏洞
Atrium Mercur IMapD是一款Imap协议实现的IMAPD守护程序。 Atrium Mercur IMapD处理NTLM验证存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 提交恶意的请求,可导致触发缓冲区溢出。攻击者可导致拒绝服务或者任意指令执行攻击。 Atrium Software Mercur IMAPD 1 SP4 目前没有解决方案提供: http://www.atrium-software.com/ !/usr/bin/perl mercur-v1.pl Mercur v5.00.14 win32 remote exploit by mu-b...
Atrium Mercur IMap Subscribe请求远程栈溢出漏洞
Mercur是Atrium Software推出的系列邮件服务器产品。 Mercur的NTLM认证机制实现上存在漏洞,远程攻击者可能利用此漏洞控制服务器或导致服务崩溃。 Mercur的IMAPD在实现NTLM的代码中盲目使用用户提供的长度数据作为memcpy调用的参数,远程攻击者可能利用此问题触发一个栈溢出,导致拒绝服务或执行任意指令。 Atrium Software Mercur v5.00.14 win32 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.atrium-software.com/...
Atrium Mercur Mailserver IMAPD buffer overflow
Multiple buffer overflows in IMAP NTLM authentication implementation. Buffer overflow in SUBSCRIBE command...
Stack overflow
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command...
Stack overflow
Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD mcrimap4.exe 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow...
CVE-2007-1578
Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD mcrimap4.exe 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow...
CVE-2007-1579
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command...
CVE-2007-1579
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command...
CVE-2003-1322
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long 1 EXAMINE, 2 DELETE, 3 SUBSCRIBE, 4 RENAME, 5 UNSUBSCRIBE, 6 LIST, 7 LSUB, 8 STATUS, 9 LOGIN, 10 CREATE, or 11 SELECT command...
CVE-2003-1322
CVE-2003-1322 concerns Atrium MERCUR IMAPD in MERCUR Mailserver up to version 4.2.15.0. The vulnerability is described as multiple stack-based buffer overflows in the IMAPD process that can be triggered by long commands, including: EXAMINE, DELETE, SUBSCRIBE, RENAME, UNSUBSCRIBE, LIST, LSUB, STAT...