CVSS: 9.0EPSS: 11%CPEs: 16EXPL: 1CVE-2006-6425 – Novell NetMail IMAP APPEND Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6425
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) de Novell NetMail anterior a 3.52e FTF2 permite a atacantes remotos autenticados ejecutar código de su elección mediante vectores no especificados que implican el parámetro APPEND. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP server's handling of the APPEND command. A lack of bounds checking on a specific parameter to this command can lead to a stack-based buffer overflow. • https://www.exploit-db.com/exploits/16488 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2080 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/258753 http://www.securityfocus.com/archive/1/455200/100/0/threaded http://www.securityfocus.com/bid/21723 http://www.vupen.com/english/advisories/2006/5134 http://www.zerodayinitiative.com/advisories/ZDI-06-054.html https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f&# •
CVSS: 9.0EPSS: 89%CPEs: 16EXPL: 1CVE-2006-6424 – Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6424
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. Múltiples desbordamientos de búfer en Novell NetMail anterior a 3.52e FTF2 permiten a atacantes remotos ejecutar código de su elección (1) añadiendo literales a ciertos verbos IMAP cuando se especifican peticiones de continuación de comandos a IMAPD, resultando en un desbordamiento de montón; y (2) mediante argumentos manipulados del el comando STOR para el demonio del protocolo de aplicaciones de mensajería en red (Network Messaging Application Protocol o NMAP), resultando en un desbordamiento de pila. This vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not sufficiently validate user-input length values when literals are appended to IMAP verbs to specify a command continuation request. • https://www.exploit-db.com/exploits/16813 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2081 http://securitytracker.com/id?1017437 http://www.cirt.dk/advisories/cirt-48-advisory.txt http://www.kb.cert.org/vuls/id/381161 http://www.kb.cert.org/vuls/id/912505 http://www.securityfocus.com/archive/1/455201/100/0/threaded http://www.securityfocus.com/archive/1/455202/100/0/threaded http://www.securityfocus.com/bid/21724 http://www.s •
CVSS: 1.7EPSS: 0%CPEs: 3EXPL: 0CVE-2005-1976
https://notcve.org/view.php?id=CVE-2005-1976
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. • http://secunia.com/advisories/15763 http://securitytracker.com/id?1014251 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm http://www.osvdb.org/17456 http://www.securityfocus.com/bid/14005 •
CVSS: 7.5EPSS: 75%CPEs: 1EXPL: 1CVE-2005-3314 – Novell NetMail 3.52d - IMAP STATUS Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-3314
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments." • https://www.exploit-db.com/exploits/16483 http://secunia.com/advisories/17641 http://securitytracker.com/id?1015240 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972665.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972672.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972673.htm http://www.osvdb.org/20956 http://www.securityfocus.com/bid/15491 http://www.vupen.com/english/advisories/2005/2494 http://www.zerodayinitiative.com/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2469
https://notcve.org/view.php?id=CVE-2005-2469
Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0299.html http://secunia.com/advisories/15925 http://secunia.com/secunia_research/2005-23/advisory http://securitytracker.com/id?1015048 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm http://www.osvdb.org/19916 http://www.securityfocus.com/bid/15080 https:/ •