85 matches found
GNU Mailutils imap4d 0.6 - Search Remote Format String
GNU Mailutils imap4d 0.6 - Search Remote Format String / GNU Mailutils 0.6 imap4d 'search' format string exploit. Ref: www.idefense.com/application/poi/display?id=303&type=vulnerabilities This silly exploit uses hardcoded values taken from GNU/Debian testing etch. $ ./imap4dsearchexpl -h 127.0.0....
Multiple GNU mailutils mail server and client tools vulnerabilities
imap4D IMAP server heap overflow, format string bug and DoS conditions, 'mail' and imap4d buffer overflows...
GNU Mailutils imap4d <= 0.6 Remote Format String Exploit
Exploit for linux platform in category remote exploits ======================================================== GNU Mailutils imap4d Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities email protected:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils...
GNU Mailutils imap4d <= 0.6 Remote Format String Exploit
No description provided by source. / mu-imap4dfsexp.c GNU Mailutils imap4d v0.6 remote format string exploit by CoKi [email protected] Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities coki@nosystem:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils...
GNU Mailutils imap4d 0.6 - Remote Format String
GNU Mailutils imap4d 0.6 - Remote Format String / mu-imap4dfsexp.c GNU Mailutils imap4d v0.6 remote format string exploit by CoKi Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities coki@nosystem:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils imap4d...
GNU Mailutils imap4d 0.6 - Remote Format String
/ mu-imap4dfsexp.c GNU Mailutils imap4d v0.6 remote format string exploit by CoKi Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities coki@nosystem:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils imap4d v0.6 remote format string exploit by CoKi use:...
GNU Mailutils imap4d 0.5 < 0.6.90 Remote Format String Exploit
Exploit for linux platform in category remote exploits ============================================================== GNU Mailutils imap4d 0.5 include include include include include include include include include include include // to be modified define GOT 0x080573fc static char bindshell= //b...
GNU Mailutils imap4d 0.5 < 0.6.90 Remote Format String Exploit
No description provided by source. / gun-imapd.c """"""""""" gnu mailutils-0.5 - mailutils-0.6.90 remote formatstring exploit written and tested on FC3. this is a first testing version and the onlyone to go public. by [email protected] / include stdio.h include string.h include unistd.h include...
GNU Mailutils imap4d 0.5 0.6.90 - Remote Format String
GNU Mailutils imap4d 0.5 0.6.90 - Remote Format String / gun-imapd.c """"""""""" gnu mailutils-0.5 - include include include include include include include include include include include // to be modified define GOT 0x080573fc static char bindshell= //by pr1 bind to :4096 "\x31\xc0" // xor...
GLSA-200506-02 : Mailutils: SQL Injection
The remote host is affected by the vulnerability described in GLSA-200506-02 Mailutils: SQL Injection When GNU Mailutils is built with the 'mysql' or 'postgres' USE flag, the sqlescapestring function of the authentication module fails to properly escape the '' character, rendering it vulnerable t...
Mailutils: SQL Injection
Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sqlescapestring function of the authentication module fails to properly escape the "" character, rendering it vulnerable to a SQL command...
[SECURITY] [DSA 732-1] New mailutils packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 732-1 [email protected] http://www.debian.org/security/ Martin Schulze June 3rd, 2005 http://www.debian.org/security/faq -...
DSA-732-1 mailutils - several
Bulletin has no description...
Mailutils: Multiple vulnerabilities in imap4d and mail
Background GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags CAN-2005-1523, fails...
CVE-2005-1520
According to the connected advisories, CVE-2005-1520 affects GNU mailutils 0.5 and 0.6 (and pre-0.6.90); it is caused by a buffer overflow in header_get_field_name() in header.c, enabling remote code execution via a crafted email. Remediation in provided documents points to updating to fixed pack...
CVE-2005-1521
CVE-2005-1521 affects GNU Mailutils 0.5/0.6 and earlier than 0.6.90. The description identifies an integer overflow in the imap4d fetch_io function that can cause a heap-based buffer overflow, enabling a remote attacker to execute arbitrary code via a partial message request with a large END para...
CVE-2005-1522
The CVE-2005-1522 issue affects the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90. Authenticated remote users can trigger a denial of service (CPU consumption) by sending a large range value in the FETCH command. The connected advisories confirm a denial-of-service ...
CVE-2005-1523
CVE-2005-1523 : GNU Mailutils imap4d has a format-string vulnerability in IMAP command tags that allows remote code execution. Affected: imap4d before 0.6.90 (and 0.5/0.6). Impact: arbitrary code execution with IMAP service privileges. Mitigation: upgrade to a version where the issue is fixed (pe...
CVE-2005-1521
Integer overflow in the fetchio function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow...
CVE-2005-1523
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands...