Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

The host is running Ipswitch IMail Server and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodipswitchimailserverstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability Authors...

Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

Ipswitch IMail Server is prone to plaintext command injection vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2011-1430

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

Command injection

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

CVE-2011-1430

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

CVE-2011-1430

Technical details for CVE-2011-1430 are not present in the connected documents. The initial description states a STARTTLS plaintext command-injection issue in Ipswitch IMail 11.03 and earlier, but no vendor/product/version/root-cause or remediation details are provided.

STARTTLS plaintext command injection vulnerability

Overview Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...

Ipswitch TFTP Server Directory Traversal

Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...

Ipswitch TFTP Server Directory Traversal

Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...

Ipswitch TFTP Server Directory Traversal

Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...

Ipswitch TFTP Server Directory Traversal

Added: 02/16/2011 BID: 50890 OSVDB: 77455 Background Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server. Problem The Ipswitch TFTP Server version 1.0.0.24 has a director...

Ipswitch WS_FTP Server 5.03 - MKD Overflow (Metasploit)

$Id: wsftpserver503mkd.rb 10559 2010-10-05 23:41:17Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Ipswitch Imail Server List Mailer Reply-To Address Memory Corruption

Exploit for windows platform in category dos / poc ==================================================================== Ipswitch Imail Server List Mailer Reply-To Address Memory Corruption ==================================================================== Title : Ipswitch Imail Server List Mail...

Month Of Abysssec Undisclosed Bugs - Ipswitch Imail Server

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | To: To Person """ ReplayCount = 5 while ReplayCount0: message = message + "Reply-To:" counter = 3 while counter0: if counter != 50000 : message = message + "," message = message + "Reply-To: " message = message +...

Ipswitch Imail Server - List Mailer Reply-To Address Memory Corruption

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | To: To Person """ ReplayCount = 5 while ReplayCount0: message = message + "Reply-To:" counter = 3 while counter0: if counter != 50000 : message = message + "," message = message + "Reply-To: " message = message +...

Ipswitch Imail Server - List Mailer Reply-To Address Memory Corruption

Ipswitch Imail Server - List Mailer Reply-To Address Memory Corruption ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | To: To Person """ ReplayCount = 5 while ReplayCount0: message = message + "Reply-To:" counter = 3 while counter0: if counter != 50000 : message...

Ipswitch IMail Server Mailing List Message Subject Buffer Overflow

The Ipswitch IMail Server is a mail server product geared towards medium to large size organizations. It contains implementations of POP3, IMAP4, and SMTP servers. The SMTP server module is installed and started in a default installation. A buffer overflow vulnerability has been reported in...

ZDI-10-126: Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vulnerability

ZDI-10-126: Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-126 July 15, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Ipswitch -- Affected Products: Ipswitch IMail -- TippingPointTM IPS...

Ipswitch Imail multiple security vulnerabilities

Format string vulnerabilities, unfiltered shell-characters, code execution...

ZDI-10-128: Ipswitch Imail Server Queuemgr Format String Remote Code Execution Vulnerability

ZDI-10-128: Ipswitch Imail Server Queuemgr Format String Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-128 July 15, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Ipswitch -- Affected Products: Ipswitch IMail -- TippingPointTM IPS Custom...