6 matches found
Stack overflow
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, a...
cmailserver-seh.txt
0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approximately 13000 chars. Exploitation is post-auth but you can have a user account by simply browsing t...
CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
No description provided by source. ?php / CMailServer 5.4.6 mvmail.asp/CMailCOM.dll remote seh overwrite proof of concept exploit by Nine:Situations:Group::bruiser our site: http://retrogod.altervista.org/ software site: http://www.youngzsoft.net/cmailserver/ Google dorks: intitle:"Mail Server...
CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
Exploit for unknown platform in category remote exploits ============================================================= CMailServer 5.4.6 CMailCOM.dll Remote SEH Overwrite Exploit ============================================================= 0 strUID = arrStringi...
Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite (SEH)
Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite SEH 0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approximately 13000 chars...
Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approximately 13000 chars. Exploitation is post-auth...