CVSS: 7.5EPSS: 81%CPEs: 1EXPL: 4CVE-2007-4440 – Mercury/32 Mail SMTPD - Remote Stack Overrun (PoC)
https://notcve.org/view.php?id=CVE-2007-4440
Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. Un desbordamiento de búfer en la región stack de la memoria en el servidor SMTP MercuryS en Mercury Mail Transport System, posiblemente versión 4.51 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de una cadena larga AUTH CRAM-MD5. NOTA: este podría solaparse con CVE-2006-5961. • https://www.exploit-db.com/exploits/4294 https://www.exploit-db.com/exploits/16821 https://www.exploit-db.com/exploits/4301 http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0341.html http://secunia.com/advisories/26519 http://www.pmail.com/m32_451.htm http://www.securityfocus.com/bid/25357 http://www.securitytracker.com/id?1018587 http://www.vupen.com/english/advisories/2007/2918 https://exchange.xforce.ibmcloud.com/vulnerabilities/36117 https://exchange.xforce&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 84%CPEs: 1EXPL: 4CVE-2007-1373 – Mercury/32 Mail Server 4.01b - 'check' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-1373
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. Desbordamientos de búfer basado en pila en Mercury/32 (también conocido comoMercury Mail Transport System) 4.01b y anteriores permiten a atacantes remotos ejecutar código de su elección a través de un comando LOGIN. NOTA: esto podría ser el mismo asunto que CVE-2006-5961. • https://www.exploit-db.com/exploits/3418 https://www.exploit-db.com/exploits/1223 https://www.exploit-db.com/exploits/16473 http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052802.html http://osvdb.org/33883 http://secunia.com/advisories/24367 http://securityreason.com/securityalert/2398 https://exchange.xforce.ibmcloud.com/vulnerabilities/32848 - •