CVE-2008-2049
https://notcve.org/view.php?id=CVE-2008-2049
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. El servidor POP3 (EPSTPOP3S.EXE) 4.22 en E-Post Mail Server 4.10 permite a atacantes remotos conseguir información sensible a través de múltiples comandos APOP manipulados para una cuenta POP3 conocida, la cual mostrará la contraseña en un mensaje de error del POP3. • http://secunia.com/advisories/29990 http://vuln.sg/epostmailserver410-en.html http://www.e-postinc.jp/Mail_Server.html http://www.securityfocus.com/bid/28951 http://www.securitytracker.com/id?1019930 http://www.vupen.com/english/advisories/2008/1389/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-0447
https://notcve.org/view.php?id=CVE-2006-0447
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. Múltiples desbordamientos de búfer en E-Post Mail Server 4.10 y SPA-PRO Mail @Solomon 4.00 permite a atacantes remotos ejecutar código de su elección mediante un nombre de usuario largo en las órdenes SMPT (1) AUTH PLAIN o (2) AUTH LOGIN, que no son manejadas adecuadamente por (a) EPSTRS.EXE o (b) SPA-RS.EXE; (3) un nombre de usuario largo en la orden POP3 APOP, que no es manejado adecuadamente por (c) EPSTOP4S, o (d) SPA-POP3S.EXE; (4) una orden IMAP DELETE larga, que no es manejada adecuadamente por (2) EPSTIMAP5S.EXE o (f) SPA-IMAP4S.EXE. • http://secunia.com/advisories/18480 http://secunia.com/secunia_research/2006-1/advisory http://www.osvdb.org/22761 http://www.osvdb.org/22762 http://www.osvdb.org/22763 http://www.securityfocus.com/bid/16379 http://www.vupen.com/english/advisories/2006/0318 https://exchange.xforce.ibmcloud.com/vulnerabilities/24331 https://exchange.xforce.ibmcloud.com/vulnerabilities/24333 https://exchange.xforce.ibmcloud.com/vulnerabilities/24334 •