13 results (0.012 seconds)

CVSS: 6.8EPSS: 31%CPEs: 6EXPL: 0

Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." Múltiples desbordamientos de búfer en la región heap de la memoria en el archivo avirus.exe en Novell NetMail versiones 3.5.2 anteriores a Messaging Architects M+NetMail versión 3.52f (también se conoce como 3.5.2F), permite a los atacantes remotos ejecutar código arbitrario por medio de enteros ASCII no especificados usados como argumentos de asignación de memoria, también se conoce como "ZDI-CAN-162". These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. • http://secunia.com/advisories/27974 http://www.messagingarchitects.com/en/support/mplusnetmail/docs/readme.pdf http://www.securityfocus.com/archive/1/484843/100/0/threaded http://www.securityfocus.com/bid/26753 http://www.securitytracker.com/id?1019063 http://www.vupen.com/english/advisories/2007/4112 http://www.zerodayinitiative.com/advisories/ZDI-07-072.html https://exchange.xforce.ibmcloud.com/vulnerabilities/38909 https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 94%CPEs: 6EXPL: 0

Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. Desbordamiento basado en pila en el webadmin.exe del Novell NetMail 3.5.2 permite a atacantes remotos ejecutar código de su elección mediante un nombre de usuario largo durante la autenticación HTTP Básica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process bound by default on TCP port 89. During HTTP Basic authentication, a long username of at least 213 bytes will trigger a stack based buffer overflow due to a vulnerable sprintf() call. • http://download.novell.com/Download?buildid=sMYRODW09pw http://secunia.com/advisories/24445 http://securityreason.com/securityalert/2395 http://www.kb.cert.org/vuls/id/919369 http://www.securityfocus.com/archive/1/462154/100/0/threaded http://www.securityfocus.com/bid/22857 http://www.securitytracker.com/id?1017734 http://www.vupen.com/english/advisories/2007/0870 http://www.zerodayinitiative.com/advisories/ZDI-07-009.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32861 •

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. El demonio IMAP (IMAPD) en Novell NetMail anterior a 3.52e FTF2 permite a usuarios remotos autenticados provocar una denegación de servicio mediante el parámetro APPEND con un "(" (paréntesis) en el argumento. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455 http://secunia.com/advisories/23437 http://www.kb.cert.org/vuls/id/944273 http://www.securityfocus.com/bid/21729 http://www.vupen.com/english/advisories/2006/5134 https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html •

CVSS: 6.5EPSS: 14%CPEs: 6EXPL: 2

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) en Novell NetMail anterior a 3.52e FTF2 permite a usuarios remotos autenticados ejecutar código de su elección mediante un argumento largo en el comando SUBSCRIBE. • https://www.exploit-db.com/exploits/16478 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=454 http://secunia.com/advisories/23437 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/863313 http://www.securityfocus.com/bid/21728 http://www.vupen.com/english/advisories/2006/5134 https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html •

CVSS: 9.0EPSS: 11%CPEs: 16EXPL: 1

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) de Novell NetMail anterior a 3.52e FTF2 permite a atacantes remotos autenticados ejecutar código de su elección mediante vectores no especificados que implican el parámetro APPEND. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP server's handling of the APPEND command. A lack of bounds checking on a specific parameter to this command can lead to a stack-based buffer overflow. • https://www.exploit-db.com/exploits/16488 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2080 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/258753 http://www.securityfocus.com/archive/1/455200/100/0/threaded http://www.securityfocus.com/bid/21723 http://www.vupen.com/english/advisories/2006/5134 http://www.zerodayinitiative.com/advisories/ZDI-06-054.html https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f&# •