27 matches found
EUVD-2005-1519
Malware in sbrugna...
EUVD-2001-1336
Malware in sbrugna...
EUVD-2005-1481
Malware in sbrugna...
EUVD-2001-1335
Malware in sbrugna...
NetWin DMail 2.7/2.8 ETRN Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1297/info NetWin's DMail is an alternative mail-server solution for unix and NT servers. There is a buffer overflow vulnerability in the server daemon that could allow remote attackers to execute arbitrary commands as roo...
NetWin DMail 2.x,SurgeFTP 1.0/2.0 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform password encryption operations. As a...
imap security update
2002d-15 - Backport patch for buffer overflows in dmail and tmail from upstream version 2007d CVE-2008-5005, 469667...
DEBIAN-CVE-2008-5005
Multiple stack-based buffer overflows in 1 University of Washington IMAP Toolkit 2002 through 2007c, 2 University of Washington Alpine 2.00 and earlier, and 3 Panda IMAP allow a local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail...
University of Washington IMAP 'tmail'和'dmail'本地缓冲区溢出漏洞
BUGTRAQ ID: 32072 CNCAN ID:CNCAN-2008110404 University of Washington IMAP是一款IMAP协议实现。 University of Washington IMAP包含的'tmail'和'dmail'存在缓冲区溢出,本地攻击者可以利用漏洞以应用程序权限执行任意指令。 'tmail'和'dmail'应用程序在从命令行中处理文件夹扩展参数时缺少正确的边界检查,通过提交超长文件夹名可触发基于栈的缓冲区溢出。tmail可允许以root用户权限执行任意指令。 有问题代码如下: tmail.cchar getusername char...
imap-uw -- local buffer overflow vulnerabilities
SANS reports: University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data...
CVE-2005-1478
CVE-2005-1478 affects NetWin DMail 3.1a DSmtp (dsmtp.exe) where a format-string vulnerability in the xtellmail command allows remote code execution. The root cause is improper handling of format specifiers in DSmtp; impact is arbitrary code execution on the server. Public exploit details are not ...
CVE-2005-1516
DList dlist.exe in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the cmdsendlog function...
CVE-2005-1516
DList dlist.exe in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the cmdsendlog function...
CVE-2005-1516
The CVE-2005-1516 issue affects NetWin DMail 3.1a’s DList component. The vulnerability enables a remote attacker to bypass authentication, read log files, and shut down the system by sending a log request (sendlog) with an incorrect password hash, which is not properly handled by the internal _cm...
NetWin DMail Server Multiple Remote Vulnerabilities
The installation of NetWin DMail on the remote host suffers from an authentication bypass vulnerability in its mailing list server component, DList, and a format string vulnerability in the SMTP server component, DSmtp. An attacker can exploit the first to reveal potentially sensitive log...
[SA15242] NetWin DMail Server Two Vulnerabilities
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: NetWin DMail Server Two Vulnerabilities SECUNIA ADVISO...
NetWin DMail mail server multiple vulnerabilities
Unauthenticated maling lists access, SMTP format string vulnerability...
CVE-2001-1354
The CVE-2001-1354 entry concerns the NetWin Authentication module (NWAuth) versions 2.0 and 3.0b, as implemented in SurgeFTP and DMail (and possibly other packages). The root cause is weak password hashing used by NWAuth, which could enable local users to decrypt stored passwords or to log in wit...
CVE-2001-1354
NetWin Authentication module NWAuth 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password...
CVE-2001-1355
Buffer overflows in NetWin Authentication Module NWAuth 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to 1 the -del command or 2 the -lookup command...