Lucene search
K

69 matches found

Saint
Saint
added 2008/08/27 12:0 a.m.21 views

CMailServer CMailCOM.dll MoveToFolder buffer overflow

Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...

8.6AI score
Exploits0
Saint
Saint
added 2008/08/27 12:0 a.m.11 views

CMailServer CMailCOM.dll MoveToFolder buffer overflow

Added: 08/27/2008 BID: 30098 OSVDB: 46750 Background CMailServer is a mail and web mail server. The CMailServer web interface includes the CMailCOM.dll component which provides several classes. Problem A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll...

8.6AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/10 12:0 a.m.18 views

cmailserver-seh.txt

0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars. Exploitation is post-auth but you can have a user account by simply browsing t...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/07/08 12:0 a.m.23 views

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

No description provided by source. ?php / CMailServer 5.4.6 mvmail.asp/CMailCOM.dll remote seh overwrite proof of concept exploit by Nine:Situations:Group::bruiser our site: http://retrogod.altervista.org/ software site: http://www.youngzsoft.net/cmailserver/ Google dorks: intitle:"Mail Server...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/07/06 12:0 a.m.45 views

Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite (SEH)

Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite SEH 0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2008/07/06 12:0 a.m.49 views

Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)

0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approxymately 13000 chars. Exploitation is post-auth...

7.4AI score
Exploits0
0day.today
0day.today
added 2008/07/06 12:0 a.m.22 views

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

Exploit for unknown platform in category remote exploits ============================================================= CMailServer 5.4.6 CMailCOM.dll Remote SEH Overwrite Exploit ============================================================= 0 strUID = arrStringi...

7.1AI score
Exploits0
Prion
Prion
added 2007/04/12 10:19 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...

4.3CVSS6.1AI score0.01217EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/04/12 10:19 a.m.1 views

CVE-2007-1991

Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...

4.3CVSS5.8AI score0.01217EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/04/12 10:0 a.m.21 views

CVE-2007-1991

Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...

5.7AI score0.01022EPSS
Exploits0References3
CVE
CVE
added 2007/04/12 10:0 a.m.49 views

CVE-2007-1991

CVE-2007-1991 is an XSS vulnerability affecting CmailServer WebMail 5.4.3 (and possibly earlier) in the mail/signup.asp path. The issue allows remote attackers to inject arbitrary web script or HTML via the Comment parameter (a vector distinct from CVE-2007-1927). Public references confirm the sa...

4.3CVSS5.7AI score0.01022EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/04/10 11:19 p.m.19 views

CVE-2007-1927

Cross-site scripting XSS vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...

4.3CVSS5.6AI score0.01217EPSS
Exploits0References6
Prion
Prion
added 2007/04/10 11:19 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...

4.3CVSS6AI score0.01217EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2007/04/10 11:0 p.m.44 views

CVE-2007-1927

The provided documents confirm a concrete XSS vulnerability: CVE-2007-1927 affects CmailServer WebMail 5.3.4 and earlier, where arbitrary web script/HTML can be injected via the POP3Mail parameter in signup.asp. Connected records also reference CVE-2007-1991 (a related XSS in mail/signup.asp via ...

4.3CVSS5.7AI score0.01217EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/04/10 11:0 p.m.26 views

CVE-2007-1927

Cross-site scripting XSS vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...

5.6AI score0.01217EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2007/04/08 12:0 a.m.31 views

cmail534-xss.txt

//'=============================================================================================== //'Script Name: CmailServer WebMail Cmail XSS JavaScript:alertdocument.cookie;"...

7.4AI score
Exploits0
myhack58
myhack58
added 2005/12/05 12:0 a.m.22 views

CMailServer mail system, the attachment download module download mail system installation disk arbitrary file vulnerability-vulnerability warning-the black bar safety net

CMailServer mail system, the attachment download module download mail system installation disk arbitrary file vulnerability Our Team: http://www.ph4nt0m.org Author: cloud [email protected] Date: 2005-11-06 Severity: medium Error type: parameter checking is not strict Affect the system: th...

0.4AI score
Exploits0
NVD
NVD
added 2005/01/10 5:0 a.m.18 views

CVE-2004-1129

SQL injection vulnerability in 1 fdelmail.asp, 2 addressc.asp, and possibly 3 postmail.asp and 4 fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter...

10CVSS7.9AI score0.01933EPSS
Exploits0References4
NVD
NVD
added 2005/01/10 5:0 a.m.19 views

CVE-2004-1130

Cross-site scripting XSS vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as 1 username, 2 name, or 3 comments...

6.8CVSS6AI score0.01306EPSS
Exploits0References4
NVD
NVD
added 2005/01/10 5:0 a.m.12 views

CVE-2004-1128

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename...

10CVSS7.9AI score0.0504EPSS
Exploits0References4
Rows per page
Query Builder