CVE-2001-0039

IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes...

DoS by SMTP AUTH command in IPSwitch IMail server

Dear folks, I found a kind of DoS to handle SMTP AUTH command in IPSwitch IMail server version 6.0.5. IPSwitch ships a product titled IMail, an email server for usage on NT servers serving SMTP, POP3, IMAP4, LDAP etc. It supports SMTP AUTH commands RFC2554 and several authenticate methods to...

CVE-2000-0780

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. dot dot attack...

CVE-2000-0780

The CVE-2000-0780 entry concerns the IPSWITCH IMail web server (versions 6.04 and earlier) vulnerable to a directory-traversal (dot-dot) attack that allows remote attackers to read and delete arbitrary files. The vulnerability is described as affecting the web server component, with impact descri...

CVE-2000-0780

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. dot dot attack...

CVE-2000-0301

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command...

Vulnerability Report On IPSWITCH's IMail

Vulnerability Report On IPSWITCH's IMail Date Published: August 30 2000 Advisory ID: TS003 Bugtraq ID: http://www.securityfocus.com/bid/1617 CVE CAN: None at this time Title: IPSWITCH IMail File Attachment Vulnerability Class: Access Validation Error Remotely Exploitable: Yes Locally Exploitable:...

Imail Web Service Remote DoS Attack v.2

Imail Web Service Remote DoS Attack v.2 Release Date: August 17, 2000 Systems Affected: Ipswitch Imail 6.00 2-1 Description: The following is a simple DoS we found while working on Retina's CHAMCommon Hacking Attack Methods HTTP auditing module which should be released within the next two weeks...

DST2K0009.txt

================================================================================ Delphis Consulting Plc ================================================================================ Security Team Advisories 31/05/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...

CVE-2000-0301

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command...

CVE-1999-0284

CVE-1999-0284 describes a DoS vulnerability in SMTP HELO handling causing remote crash via a too-long HELO argument, affecting NT mail servers including Ipswitch, Mdaemon, and Exchange. Related advisories in the dataset (e.g., SLMail, Lotus Notes) describe similar HELO-based DoS issues. Root caus...

Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor 'status.cgi' Denial of Service

source: https://www.securityfocus.com/bid/914/info IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is...

CVE-1999-1497

Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts...

Ipswitch IMail Server 7/8 - Weak Password Encryption

// source: https://www.securityfocus.com/bid/10956/info Ipswitch IMail is reported to use a weak encryption algorithm when obfuscating saved passwords. A local attacker who has the ability to read the encrypted passwords may easily derive the plaintext password if the username that is associated...

imail.txt

w00w00 Security Development WSD See http://www.datasurge.net/www.w00w00.org until relocation of w00w00.org is complete. Discovered by: Interrupt [email protected] Due to improper bounds checking in Ipswitch's IMAIL POP3 server, a buffer overflow occurs when a lengthy username is sent via "USER ". It...

Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC)

/ source: https://www.securityfocus.com/bid/789/info There is a buffer overflow in the username field when the username is between 200 and 500 characters. Although it may be possible to execute arbitrary code on the vulnerable server, current exploits only cause a denial of service on the remote...

Ipswitch IMail 5.0.55.0.65.0.7 - POP3 Denial of Service Buffer Overflow (PoC)

Ipswitch IMail 5.0.55.0.65.0.7 - POP3 Denial of Service Buffer Overflow PoC / source: https://www.securityfocus.com/bid/789/info There is a buffer overflow in the username field when the username is between 200 and 500 characters. Although it may be possible to execute arbitrary code on the...

CVE-1999-1551

Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service crash and possibly execute arbitrary commands via a long URL...

Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC)

source: https://www.securityfocus.com/bid/502/info The imapd login process is susceptible to a buffer overflow attack which will crash the service. Telnet to target machine, port 143 OK IMAP4 Server IMail 4.06 X LOGIN glob1 glob2 Where glob1 is 1200 characters and glob2 is 1300 characters...

Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC)

source: https://www.securityfocus.com/bid/504/info The IMail IMonitor service can be crashed by exploiting a buffer overflow vulnerability. Telnet to target machine, port 8181 Send: glob1 hit enter twice Where glob1 is 2045 characters...