CVSS: 6.8EPSS: 31%CPEs: 6EXPL: 0CVE-2007-6302 – Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6302
Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." Múltiples desbordamientos de búfer en la región heap de la memoria en el archivo avirus.exe en Novell NetMail versiones 3.5.2 anteriores a Messaging Architects M+NetMail versión 3.52f (también se conoce como 3.5.2F), permite a los atacantes remotos ejecutar código arbitrario por medio de enteros ASCII no especificados usados como argumentos de asignación de memoria, también se conoce como "ZDI-CAN-162". These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. • http://secunia.com/advisories/27974 http://www.messagingarchitects.com/en/support/mplusnetmail/docs/readme.pdf http://www.securityfocus.com/archive/1/484843/100/0/threaded http://www.securityfocus.com/bid/26753 http://www.securitytracker.com/id?1019063 http://www.vupen.com/english/advisories/2007/4112 http://www.zerodayinitiative.com/advisories/ZDI-07-072.html https://exchange.xforce.ibmcloud.com/vulnerabilities/38909 https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 58%CPEs: 9EXPL: 0CVE-2007-2616
https://notcve.org/view.php?id=CVE-2007-2616
Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. Desbordamiento de búfer basado en pila en la versión SSL del servicio NMDMC.EXE en Novell NetMail 3.52e FTF2 y posiblemente anteriores permite a atacantes remotos ejecutar código de su elección a través de una respuesta manipulada. • http://download.novell.com/Download?buildid=Ad2xk29hHTg~ http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=532 http://osvdb.org/35941 http://secunia.com/advisories/25204 http://www.securityfocus.com/bid/23916 http://www.securitytracker.com/id?1018045 http://www.vupen.com/english/advisories/2007/1732 https://exchange.xforce.ibmcloud.com/vulnerabilities/34221 •
CVSS: 6.8EPSS: 94%CPEs: 6EXPL: 0CVE-2007-1350 – Novell Netmail WebAdmin Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-1350
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. Desbordamiento basado en pila en el webadmin.exe del Novell NetMail 3.5.2 permite a atacantes remotos ejecutar código de su elección mediante un nombre de usuario largo durante la autenticación HTTP Básica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process bound by default on TCP port 89. During HTTP Basic authentication, a long username of at least 213 bytes will trigger a stack based buffer overflow due to a vulnerable sprintf() call. • http://download.novell.com/Download?buildid=sMYRODW09pw http://secunia.com/advisories/24445 http://securityreason.com/securityalert/2395 http://www.kb.cert.org/vuls/id/919369 http://www.securityfocus.com/archive/1/462154/100/0/threaded http://www.securityfocus.com/bid/22857 http://www.securitytracker.com/id?1017734 http://www.vupen.com/english/advisories/2007/0870 http://www.zerodayinitiative.com/advisories/ZDI-07-009.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32861 •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6762
https://notcve.org/view.php?id=CVE-2006-6762
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. El demonio IMAP (IMAPD) en Novell NetMail anterior a 3.52e FTF2 permite a usuarios remotos autenticados provocar una denegación de servicio mediante el parámetro APPEND con un "(" (paréntesis) en el argumento. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455 http://secunia.com/advisories/23437 http://www.kb.cert.org/vuls/id/944273 http://www.securityfocus.com/bid/21729 http://www.vupen.com/english/advisories/2006/5134 https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html •
CVSS: 6.5EPSS: 14%CPEs: 6EXPL: 2CVE-2006-6761 – Novell NetMail 3.52d - IMAP Subscribe Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6761
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) en Novell NetMail anterior a 3.52e FTF2 permite a usuarios remotos autenticados ejecutar código de su elección mediante un argumento largo en el comando SUBSCRIBE. • https://www.exploit-db.com/exploits/16478 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=454 http://secunia.com/advisories/23437 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/863313 http://www.securityfocus.com/bid/21728 http://www.vupen.com/english/advisories/2006/5134 https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html •