CVE-2007-3959
https://notcve.org/view.php?id=CVE-2007-3959
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. El IM Server (también conocido como a IMserve or IMserver) 2.0.5.30 y probablemente versiones anteriores en Ipswitch Instant Messaging versiones anteriores a 2.07 en Ipswitch Collaboration Suite (ICS) permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante determinados datos al puerto TCP 5179 que sobre-escribe un destructor, como se puede reproducir con las funciones (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, y (4) DoAttachAudioReceiver • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566 http://secunia.com/advisories/26154 http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp http://www.securityfocus.com/bid/25031 http://www.securitytracker.com/id?1018440 http://www.vupen.com/english/advisories/2007/2621 •
CVE-2007-3925 – Ipswitch IMail Server - IMAP SEARCH Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3925
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command. Múltiples desbordamientos de búfer en el servicio IMAP (imapd32.exe) de Ipswitch IMail Server 2006 versiones anteriores a 2006.21 permiten a atacantes remotos autenticados ejecutar código de su elección mediante el comando (1) Search ó (2) Search Charset. • https://www.exploit-db.com/exploits/16487 https://www.exploit-db.com/exploits/4223 http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563 http://secunia.com/advisories/26123 http://www.securityfocus.com/bid/24962 http://www.securitytracker.com/id?1018419 http://www.vupen.com/english/advisories/2007/2574 https://exchange.xforce.ibmcloud.com/vulnerabilities/35496 https://exchange.xforce.ibmcl • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3927 – IPSwitch IMail Server 2006 9.10 - Subscribe Remote Overflow
https://notcve.org/view.php?id=CVE-2007-3927
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." Múltiples desbordamientos de búfer en Ipswitch IMail Server 2006 versiones anteriores a 2006.21 (1) permiten a atacantes remotos ejecutar código de su elección mediante vectores no especificados en Imailsec y (2) permiten a atacantes remotos tener un impacto desconocido mediante un vector no especificado relativo a "suscribir". • https://www.exploit-db.com/exploits/4228 http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease http://osvdb.org/45818 http://osvdb.org/45819 http://secunia.com/advisories/26123 http://www.securityfocus.com/bid/24962 http://www.securitytracker.com/id?1018421 http://www.vupen.com/english/advisories/2007/2574 https://exchange.xforce.ibmcloud.com/vulnerabilities/35504 https://exchange.xforce.ibmcloud.com/vulnerabilities/35505 •
CVE-2007-1637
https://notcve.org/view.php?id=CVE-2007-1637
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. Múltiples desbordamientos de búfer en el control ActiveX IMAILAPILib (IMailAPI.dll) en Ipswitch IMail Server anterior a 2006.2 permite a atacantes remotos ejecutar código de su elección a través de los miembros (1) WebConnect y (2) Connect en el control (a)IMailServer; miembros (3) Sync3 y (4) Init3 en el control (b) IMailLDAPService y el miembro (5) SetReplyTo en el control (c)IMailUserCollection. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487 http://secunia.com/advisories/24422 http://support.ipswitch.com/kb/IM-20070305-JH01.htm http://www.securitytracker.com/id?1017737 http://www.vupen.com/english/advisories/2007/0853 •
CVE-2006-4379 – Ipswitch Collaboration Suite SMTP Server Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-4379
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. Desbordamiento de búfer basado en montón en SMTP Daemon en Ipswitch Collaboration 2006 Suite Premium y Standard Editions, IMail, IMail Plus, e IMail Secure, permite a un atacante remoto ejecutar código de su elección a través de una cadena larga situada después del caracter “@” y antes del carácter “: ”. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite and IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. • https://www.exploit-db.com/exploits/2601 https://www.exploit-db.com/exploits/3264 https://www.exploit-db.com/exploits/3265 http://secunia.com/advisories/21795 http://securitytracker.com/id?1016803 http://securitytracker.com/id?1016804 http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp http://www.securityfocus.com/archive/1/445521/100/0/threaded http://www.securityfocus.com/bid/19885 http://www.vupen.com& •