CVSS: 9.0EPSS: 89%CPEs: 16EXPL: 1CVE-2006-6424 – Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6424
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. Múltiples desbordamientos de búfer en Novell NetMail anterior a 3.52e FTF2 permiten a atacantes remotos ejecutar código de su elección (1) añadiendo literales a ciertos verbos IMAP cuando se especifican peticiones de continuación de comandos a IMAPD, resultando en un desbordamiento de montón; y (2) mediante argumentos manipulados del el comando STOR para el demonio del protocolo de aplicaciones de mensajería en red (Network Messaging Application Protocol o NMAP), resultando en un desbordamiento de pila. This vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not sufficiently validate user-input length values when literals are appended to IMAP verbs to specify a command continuation request. • https://www.exploit-db.com/exploits/16813 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2081 http://securitytracker.com/id?1017437 http://www.cirt.dk/advisories/cirt-48-advisory.txt http://www.kb.cert.org/vuls/id/381161 http://www.kb.cert.org/vuls/id/912505 http://www.securityfocus.com/archive/1/455201/100/0/threaded http://www.securityfocus.com/archive/1/455202/100/0/threaded http://www.securityfocus.com/bid/21724 http://www.s •
CVSS: 1.7EPSS: 0%CPEs: 3EXPL: 0CVE-2005-1976
https://notcve.org/view.php?id=CVE-2005-1976
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. • http://secunia.com/advisories/15763 http://securitytracker.com/id?1014251 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm http://www.osvdb.org/17456 http://www.securityfocus.com/bid/14005 •
CVSS: 7.5EPSS: 75%CPEs: 1EXPL: 1CVE-2005-3314 – Novell NetMail 3.52d - IMAP STATUS Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-3314
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments." • https://www.exploit-db.com/exploits/16483 http://secunia.com/advisories/17641 http://securitytracker.com/id?1015240 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972665.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972672.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972673.htm http://www.osvdb.org/20956 http://www.securityfocus.com/bid/15491 http://www.vupen.com/english/advisories/2005/2494 http://www.zerodayinitiative.com/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2469
https://notcve.org/view.php?id=CVE-2005-2469
Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0299.html http://secunia.com/advisories/15925 http://secunia.com/secunia_research/2005-23/advisory http://securitytracker.com/id?1015048 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm http://www.osvdb.org/19916 http://www.securityfocus.com/bid/15080 https:/ •
CVSS: 6.4EPSS: 1%CPEs: 19EXPL: 2CVE-2005-2176 – Novell NetMail 3.x - Automatic Script Execution
https://notcve.org/view.php?id=CVE-2005-2176
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. • https://www.exploit-db.com/exploits/25948 http://secunia.com/advisories/15962 http://securitytracker.com/id?1014439 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm http://www.osvdb.org/17821 http://www.securityfocus.com/bid/14171 http://www.vupen.com/english/advisories/2005/0994 •