CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 2CVE-2007-5094 – IPSwitch IMail Server 8.0x - Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2007-5094
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line. Desbordamiento de búfer basado en montículo en iaspam.dll en el servidor SMTP de Ipswitch IMail Server 8.01 hasta 8.11 permite a atacantes remotos ejecutar código de su elección mediante un conjunto de 4 mensajes de correo electrónico diferentes con un parámetro bounday largo en una determinada línea de cabecera Content-Type malformada, la cadena "MIME" por si misma en una línea en la cabecera, y un línea larga de cabecera Content-Transfer-Encoding. • https://www.exploit-db.com/exploits/4438 http://osvdb.org/39390 http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html http://www.securityfocus.com/bid/25762 https://exchange.xforce.ibmcloud.com/vulnerabilities/36723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 2EXPL: 1CVE-2007-3927 – IPSwitch IMail Server 2006 9.10 - Subscribe Remote Overflow
https://notcve.org/view.php?id=CVE-2007-3927
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." Múltiples desbordamientos de búfer en Ipswitch IMail Server 2006 versiones anteriores a 2006.21 (1) permiten a atacantes remotos ejecutar código de su elección mediante vectores no especificados en Imailsec y (2) permiten a atacantes remotos tener un impacto desconocido mediante un vector no especificado relativo a "suscribir". • https://www.exploit-db.com/exploits/4228 http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease http://osvdb.org/45818 http://osvdb.org/45819 http://secunia.com/advisories/26123 http://www.securityfocus.com/bid/24962 http://www.securitytracker.com/id?1018421 http://www.vupen.com/english/advisories/2007/2574 https://exchange.xforce.ibmcloud.com/vulnerabilities/35504 https://exchange.xforce.ibmcloud.com/vulnerabilities/35505 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3926
https://notcve.org/view.php?id=CVE-2007-3926
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." Ipswitch IMail Server 2006 versiones anteriores a 2006.21 permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante vectores no especificados involucrando un "destructor de sobre-escritura". • http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease http://secunia.com/advisories/26123 http://www.vupen.com/english/advisories/2007/2574 •
CVSS: 6.5EPSS: 97%CPEs: 2EXPL: 2CVE-2007-3925 – Ipswitch IMail Server - IMAP SEARCH Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3925
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command. Múltiples desbordamientos de búfer en el servicio IMAP (imapd32.exe) de Ipswitch IMail Server 2006 versiones anteriores a 2006.21 permiten a atacantes remotos autenticados ejecutar código de su elección mediante el comando (1) Search ó (2) Search Charset. • https://www.exploit-db.com/exploits/16487 https://www.exploit-db.com/exploits/4223 http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563 http://secunia.com/advisories/26123 http://www.securityfocus.com/bid/24962 http://www.securitytracker.com/id?1018419 http://www.vupen.com/english/advisories/2007/2574 https://exchange.xforce.ibmcloud.com/vulnerabilities/35496 https://exchange.xforce.ibmcl • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 15%CPEs: 2EXPL: 1CVE-2007-2795 – Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2795
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. Múltiple desbordamiento de búfer en Ipswitch IMail en versiones anteriores a 2006.21, permite a los atacantes remotos o usuarios autenticados ejecutar arbitrariamente código a través de (1) la característica de autenticación en IMailsec.dll, el cual lanza una corrupción del montículo en IMail Server, o (2) a comando largo SUBSCRIBE IMAP, el cual laza un desbordamiento de búfer basado en pila en el Daemon IMAP. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during theparsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs. • https://www.exploit-db.com/exploits/9662 http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.zerodayinitiative.com/advisories/ZDI-07-042 http://www.zerodayinitiative.com/advisories/ZDI-07-043 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •