69 matches found
CMailServer CMailCOM.dll MoveToFolder buffer overflow
Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...
CMailServer CMailCOM.dll MoveToFolder buffer overflow
Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...
cmailserver-seh.txt
0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars. Exploitation is post-auth but you can have a user account by simply browsing t...
CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
No description provided by source. ?php / CMailServer 5.4.6 mvmail.asp/CMailCOM.dll remote seh overwrite proof of concept exploit by Nine:Situations:Group::bruiser our site: http://retrogod.altervista.org/ software site: http://www.youngzsoft.net/cmailserver/ Google dorks: intitle:"Mail Server...
Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite (SEH)
Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite SEH 0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars...
Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars. Exploitation is post-auth...
CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
Exploit for unknown platform in category remote exploits ============================================================= CMailServer 5.4.6 CMailCOM.dll Remote SEH Overwrite Exploit ============================================================= 0 strUID = arrStringi...
Cross site scripting
Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...
CVE-2007-1991
Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...
CVE-2007-1991
Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...
CVE-2007-1991
CVE-2007-1991 is an XSS vulnerability affecting CmailServer WebMail 5.4.3 (and possibly earlier) in the mail/signup.asp path. The issue allows remote attackers to inject arbitrary web script or HTML via the Comment parameter (a vector distinct from CVE-2007-1927). Public references confirm the sa...
CVE-2007-1927
Cross-site scripting XSS vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...
CVE-2007-1927
The provided documents confirm a concrete XSS vulnerability: CVE-2007-1927 affects CmailServer WebMail 5.3.4 and earlier, where arbitrary web script/HTML can be injected via the POP3Mail parameter in signup.asp. Connected records also reference CVE-2007-1991 (a related XSS in mail/signup.asp via ...
CVE-2007-1927
Cross-site scripting XSS vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...
cmail534-xss.txt
//'=============================================================================================== //'Script Name: CmailServer WebMail Cmail XSS JavaScript:alertdocument.cookie;"...
CMailServer mail system, the attachment download module download mail system installation disk arbitrary file vulnerability-vulnerability warning-the black bar safety net
CMailServer mail system, the attachment download module download mail system installation disk arbitrary file vulnerability Our Team: http://www.ph4nt0m.org Author: cloud [email protected] Date: 2005-11-06 Severity: medium Error type: parameter checking is not strict Affect the system: th...
CVE-2004-1129
SQL injection vulnerability in 1 fdelmail.asp, 2 addressc.asp, and possibly 3 postmail.asp and 4 fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter...
CVE-2004-1130
Cross-site scripting XSS vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as 1 username, 2 name, or 3 comments...
CVE-2004-1128
Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename...