24 matches found
EUVD-1999-0803
Malware in sbrugna...
EUVD-2001-0039
Malware in sbrugna...
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
PT-2023-3171 · Zyxel · Zyxel Nas326 +2
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions prior to V5.21AAZF.14C0 Zyxel NAS540 versions prior to V5.21AATB.11C0 Zyxel NAS542 versions prior to V5.21ABAG.11C0 Description: The pre-authentication command injection issue in Zyxel NAS devices could allow an...
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...
CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...
CVE-2020-28021
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...
CVE-2018-11106
NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...
EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2020-1146)
According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AU...
U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███
Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...
CVE-2019-11494
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command...
CVE-2019-11494
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command...
Immunity Canvas: BRIGHTMAIL_RESTORE
Name| brightmailrestore ---|--- CVE| CVE-2017-6327 Exploit Pack| CANVAS Description| Symantec Brightmail Pre-Auth Command Injection Notes| CVE Name: CVE-2017-6327 VENDOR: http://symantec.com Notes: Tested on: Symantec Messaging Gateway 10.6.3 Appliance SPECIAL: on SMG versions = 10.6.3, our...
BoZoN 2.4 - Remote Code Execution
Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BOZON-PRE-AUTH-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: ============ bozon.pw/en/ Product: =========== BoZoN 2.4 Bozon is a simple file-sharing app. Easy to...
CVE-2003-1177
CVE-2003-1177 describes a buffer overflow in the base64 decoder of MERCUR Mailserver 4.2 before SP3a. An attacker could trigger it via long AUTH (POP3) or AUTHENTICATE (IMAP) commands, potentially causing a denial of service and possibly arbitrary code execution.
CVE-2003-1177
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long 1 AUTH command to the POP3 server or 2 AUTHENTICATE command to the IMAP server...
Atrium Software Mercur MailServer 3.34.04.2 - IMAP AUTH Remote Buffer Overflow
Atrium Software Mercur MailServer 3.34.04.2 - IMAP AUTH Remote Buffer Overflow source: https://www.securityfocus.com/bid/8861/info A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a...
Atrium Software Mercur MailServer 3.3/4.0/4.2 - IMAP AUTH Remote Buffer Overflow
source: https://www.securityfocus.com/bid/8861/info A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it possible for an attacker to gain...
CVE-2001-0039
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes...