Vulnerabilities related to ipswitch - imail
CVE-2002-1077 (GCVE-0-2002-1077)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/5365 | vdb-entry, x_refsource_BID | |
http://www.iss.net/security_center/static/9722.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020730 IPSwitch IMail Advisory #2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html" }, { "name": "5365", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5365" }, { "name": "imail-iwebcal-content-length-dos(9722)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9722.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-09-10T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020730 IPSwitch IMail Advisory #2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html" }, { "name": "5365", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5365" }, { "name": "imail-iwebcal-content-length-dos(9722)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9722.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1077", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020730 IPSwitch IMail Advisory #2", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html" }, { "name": "5365", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5365" }, { "name": "imail-iwebcal-content-length-dos(9722)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9722.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1077", "datePublished": "2002-08-31T04:00:00", "dateReserved": "2002-08-30T00:00:00", "dateUpdated": "2024-08-08T03:12:17.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1281 (GCVE-0-2001-1281)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/3429 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3429" }, { "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3429" }, { "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3429" }, { "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1281", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1211 (GCVE-0-2001-1211)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://support.ipswitch.com/kb/IM-20011219-DM01.htm | x_refsource_MISC | |
http://www.securityfocus.com/bid/3766 | vdb-entry, x_refsource_BID | |
http://support.ipswitch.com/kb/IM-20020301-DM02.htm | x_refsource_MISC | |
http://www.iss.net/security_center/static/7752.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/247786 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" }, { "name": "3766", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3766" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" }, { "name": "imail-admin-domain-change(7752)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7752.php" }, { "name": "20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/247786" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" }, { "name": "3766", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3766" }, { "tags": [ "x_refsource_MISC" ], "url": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" }, { "name": "imail-admin-domain-change(7752)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7752.php" }, { "name": "20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/247786" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm", "refsource": "MISC", "url": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" }, { "name": "3766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3766" }, { "name": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm", "refsource": "MISC", "url": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" }, { "name": "imail-admin-domain-change(7752)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7752.php" }, { "name": "20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/247786" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1211", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1280 (GCVE-0-2001-1280)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/3424 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3424" }, { "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3424" }, { "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1280", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3424" }, { "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1280", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0056 (GCVE-0-2000-0056)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/914 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:05:53.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "914", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/914" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "914", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/914" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "914", "refsource": "BID", "url": "http://www.securityfocus.com/bid/914" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0056", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-01-22T00:00:00", "dateUpdated": "2024-08-08T05:05:53.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1282 (GCVE-0-2001-1282)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/3426 | vdb-entry, x_refsource_BID | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC | |
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3426", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3426" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3426", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3426" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3426", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3426" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1282", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1551 (GCVE-0-1999-1551)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/1898 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/505 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=92038879607336&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:18:07.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "imail-websvc-overflow(1898)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1898" }, { "name": "505", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/505" }, { "name": "19990302 Multiple IMail Vulnerabilites", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "imail-websvc-overflow(1898)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1898" }, { "name": "505", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/505" }, { "name": "19990302 Multiple IMail Vulnerabilites", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "imail-websvc-overflow(1898)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1898" }, { "name": "505", "refsource": "BID", "url": "http://www.securityfocus.com/bid/505" }, { "name": "19990302 Multiple IMail Vulnerabilites", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1551", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:18:07.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0019 (GCVE-0-2000-0019)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IMail POP3 daemon uses weak encryption, which allows local users to read files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T08:19:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IMail POP3 daemon uses weak encryption, which allows local users to read files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0019", "datePublished": "2000-02-04T05:00:00", "dateReserved": "2000-01-11T00:00:00", "dateUpdated": "2024-08-08T04:58:11.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1285 (GCVE-0-2001-1285)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/3432 | vdb-entry, x_refsource_BID | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC | |
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3432", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3432" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3432", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3432" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3432", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3432" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1285", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1171 (GCVE-0-1999-1171)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=ntbugtraq&m=91816507920544&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
http://www.securityfocus.com/bid/218 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:02:53.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19990204 WS FTP Server Remote DoS Attack", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "name": "218", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/218" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19990204 WS FTP Server Remote DoS Attack", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "name": "218", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/218" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1171", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19990204 WS FTP Server Remote DoS Attack", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "name": "218", "refsource": "BID", "url": "http://www.securityfocus.com/bid/218" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1171", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:02:53.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1637 (GCVE-0-2007-1637)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2007/0853 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/24422 | third-party-advisory, x_refsource_SECUNIA | |
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487 | third-party-advisory, x_refsource_IDEFENSE | |
http://www.securitytracker.com/id?1017737 | vdb-entry, x_refsource_SECTRACK | |
http://support.ipswitch.com/kb/IM-20070305-JH01.htm | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:06:25.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-0853", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0853" }, { "name": "24422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24422" }, { "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487" }, { "name": "1017737", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017737" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-0853", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0853" }, { "name": "24422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24422" }, { "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487" }, { "name": "1017737", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017737" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-0853", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0853" }, { "name": "24422", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24422" }, { "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487" }, { "name": "1017737", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017737" }, { "name": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm", "refsource": "CONFIRM", "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1637", "datePublished": "2007-03-23T22:00:00", "dateReserved": "2007-03-23T00:00:00", "dateUpdated": "2024-08-07T13:06:25.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1286 (GCVE-0-2001-1286)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/3432 | vdb-entry, x_refsource_BID | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC | |
http://online.securityfocus.com/archive/1/261096 | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3432", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3432" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20020310 IMail Account hijack through the Web Interface", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/261096" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.04 and earlier stores a user\u0027s session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker\u0027s control." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3432", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3432" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20020310 IMail Account hijack through the Web Interface", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/261096" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1286", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch IMail 7.04 and earlier stores a user\u0027s session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker\u0027s control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3432", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3432" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "20020310 IMail Account hijack through the Web Interface", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/261096" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1286", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2160 (GCVE-0-2005-2160)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=112060187204457&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050705 Imail Cookie Vulnerability (unhashed)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050705 Imail Cookie Vulnerability (unhashed)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050705 Imail Cookie Vulnerability (unhashed)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2160", "datePublished": "2005-07-06T04:00:00", "dateReserved": "2005-07-06T00:00:00", "dateUpdated": "2024-08-07T22:15:37.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1252 (GCVE-0-2005-1252)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/13727 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1014047 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050524 Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050524 Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014047" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1252", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050524 Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities" }, { "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014047" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1252", "datePublished": "2005-05-25T04:00:00", "dateReserved": "2005-04-25T00:00:00", "dateUpdated": "2024-08-07T21:44:05.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0825 (GCVE-0-2000-0825)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/5475 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/2011 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=ntbugtraq&m=96654521004571&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
http://marc.info/?l=bugtraq&m=96659012127444&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html | mailing-list, x_refsource_WIN2KSEC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:28:41.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ipswitch-imail-remote-dos(5475)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475" }, { "name": "2011", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2011" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "tags": [ "mailing-list", "x_refsource_WIN2KSEC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ipswitch-imail-remote-dos(5475)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475" }, { "name": "2011", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2011" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "tags": [ "mailing-list", "x_refsource_WIN2KSEC" ], "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ipswitch-imail-remote-dos(5475)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475" }, { "name": "2011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2011" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "name": "20000817 Imail Web Service Remote DoS Attack v.2", "refsource": "WIN2KSEC", "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0825", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2000-10-15T00:00:00", "dateUpdated": "2024-08-08T05:28:41.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0297 (GCVE-0-2004-0297)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.kb.cert.org/vuls/id/972334 | third-party-advisory, x_refsource_CERT-VN | |
http://www.securityfocus.com/bid/9682 | vdb-entry, x_refsource_BID | |
http://www.idefense.com/application/poi/display?id=74 | third-party-advisory, x_refsource_IDEFENSE | |
http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15243 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/3984 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#972334", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/972334" }, { "name": "9682", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9682" }, { "name": "20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=74" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html" }, { "name": "imail-ldap-tag-bo(15243)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243" }, { "name": "3984", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/3984" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#972334", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/972334" }, { "name": "9682", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9682" }, { "name": "20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=74" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html" }, { "name": "imail-ldap-tag-bo(15243)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243" }, { "name": "3984", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/3984" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#972334", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/972334" }, { "name": "9682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9682" }, { "name": "20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=74" }, { "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html" }, { "name": "imail-ldap-tag-bo(15243)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243" }, { "name": "3984", "refsource": "OSVDB", "url": "http://www.osvdb.org/3984" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0297", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:10:03.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1557 (GCVE-0-1999-1557)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/1895 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=92038879607336&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:18:07.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "imail-imap-overflow(1895)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895" }, { "name": "19990301 Multiple IMail Vulnerabilites", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "imail-imap-overflow(1895)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895" }, { "name": "19990301 Multiple IMail Vulnerabilites", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "imail-imap-overflow(1895)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895" }, { "name": "19990301 Multiple IMail Vulnerabilites", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1557", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:18:07.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0494 (GCVE-0-2001-0494)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://ipswitch.com/Support/IMail/news.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6445 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/5610 | vdb-entry, x_refsource_OSVDB | |
http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:21:38.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ipswitch.com/Support/IMail/news.html" }, { "name": "ipswitch-imail-smtp-bo(6445)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" }, { "name": "5610", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5610" }, { "name": "20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ipswitch.com/Support/IMail/news.html" }, { "name": "ipswitch-imail-smtp-bo(6445)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" }, { "name": "5610", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5610" }, { "name": "20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ipswitch.com/Support/IMail/news.html", "refsource": "CONFIRM", "url": "http://ipswitch.com/Support/IMail/news.html" }, { "name": "ipswitch-imail-smtp-bo(6445)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" }, { "name": "5610", "refsource": "OSVDB", "url": "http://www.osvdb.org/5610" }, { "name": "20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0494", "datePublished": "2001-09-18T04:00:00", "dateReserved": "2001-05-24T00:00:00", "dateUpdated": "2024-08-08T04:21:38.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1497 (GCVE-0-1999-1497)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/39329 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/880 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:18:07.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19991221 [w00giving \u002799 #11] IMail\u0027s password encryption scheme", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/39329" }, { "name": "880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2001-11-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19991221 [w00giving \u002799 #11] IMail\u0027s password encryption scheme", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/39329" }, { "name": "880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19991221 [w00giving \u002799 #11] IMail\u0027s password encryption scheme", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/39329" }, { "name": "880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1497", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:18:07.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1256 (GCVE-0-2005-1256)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/13727 | vdb-entry, x_refsource_BID |
| http://securitytracker.com/id?1014047 | vdb-entry, x_refsource_SECTRACK |
| http://www.idefense.com/application/poi/display?id=244&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1256", "datePublished": "2005-05-25T04:00:00", "dateReserved": "2005-04-25T00:00:00", "dateUpdated": "2024-08-07T21:44:05.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1283 (GCVE-0-2001-1283)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/3427 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:08.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3427", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3427" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3427", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3427" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3427" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1283", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:08.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1287 (GCVE-0-2001-1287)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/3431 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20011012 def-2001-29", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3431", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3431" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20011012 def-2001-29", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3431", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3431" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20011012 def-2001-29", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3431", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3431" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1287", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5094 (GCVE-0-2007-5094)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4438 | exploit, x_refsource_EXPLOIT-DB |
| http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36723 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/25762 | vdb-entry, x_refsource_BID |
| http://osvdb.org/39390 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:28.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4438", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4438" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html" }, { "name": "ipswitch-imail-bo(36723)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36723" }, { "name": "25762", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25762" }, { "name": "39390", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/39390" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string \"MIME\" by itself on a line in the header, and a long Content-Transfer-Encoding header line." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4438", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4438" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html" }, { "name": "ipswitch-imail-bo(36723)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36723" }, { "name": "25762", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25762" }, { "name": "39390", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/39390" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string \"MIME\" by itself on a line in the header, and a long Content-Transfer-Encoding header line." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4438", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4438" }, { "name": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html", "refsource": "MISC", "url": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html" }, { "name": "ipswitch-imail-bo(36723)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36723" }, { "name": "25762", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25762" }, { "name": "39390", "refsource": "OSVDB", "url": "http://osvdb.org/39390" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5094", "datePublished": "2007-09-26T22:00:00", "dateReserved": "2007-09-26T00:00:00", "dateUpdated": "2024-08-07T15:17:28.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1076 (GCVE-0-2002-1076)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html | mailing-list, x_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html | mailing-list, x_refsource_BUGTRAQ |
| http://support.ipswitch.com/kb/IM-20020731-DM02.htm | x_refsource_CONFIRM |
| http://www.iss.net/security_center/static/9679.php | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/5323 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html | mailing-list, x_refsource_BUGTRAQ |
| http://support.ipswitch.com/kb/IM-20020729-DM01.htm | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" }, { "name": "20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" }, { "name": "imail-web-messaging-bo(9679)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9679.php" }, { "name": "5323", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5323" }, { "name": "20020729 Hoax Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-07-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-09-10T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" }, { "name": "20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" }, { "name": "imail-web-messaging-bo(9679)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9679.php" }, { "name": "5323", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5323" }, { "name": "20020729 Hoax Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" }, { "name": "20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" }, { "name": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm", "refsource": "CONFIRM", "url": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" }, { "name": "imail-web-messaging-bo(9679)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9679.php" }, { "name": "5323", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5323" }, { "name": "20020729 Hoax Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" }, { "name": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm", "refsource": "CONFIRM", "url": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1076", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-08-30T00:00:00", "dateUpdated": "2024-08-08T03:12:17.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1254 (GCVE-0-2005-1254)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/13727 | vdb-entry, x_refsource_BID |
| http://securitytracker.com/id?1014047 | vdb-entry, x_refsource_SECTRACK |
| http://www.idefense.com/application/poi/display?id=241&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP SELECT Command DoS Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP SELECT Command DoS Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1254", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP SELECT Command DoS Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1254", "datePublished": "2005-05-25T04:00:00", "dateReserved": "2005-04-25T00:00:00", "dateUpdated": "2024-08-07T21:44:05.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2422 (GCVE-0-2004-2422)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/9552 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17222 | vdb-entry, x_refsource_XF | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17219 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/9554 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/11106 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/12453 | third-party-advisory, x_refsource_SECUNIA | |
http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES | x_refsource_CONFIRM | |
http://securitytracker.com/id?1011146 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:29:12.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9552", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/9552" }, { "name": "ipswitch-web-messaging-dos(17222)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17222" }, { "name": "ipswitch-queue-manager-dos(17219)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17219" }, { "name": "9554", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/9554" }, { "name": "11106", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11106" }, { "name": "12453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12453" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "name": "1011146", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1011146" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9552", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/9552" }, { "name": "ipswitch-web-messaging-dos(17222)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17222" }, { "name": "ipswitch-queue-manager-dos(17219)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17219" }, { "name": "9554", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/9554" }, { "name": "11106", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11106" }, { "name": "12453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12453" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "name": "1011146", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1011146" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9552", "refsource": "OSVDB", "url": "http://www.osvdb.org/9552" }, { "name": "ipswitch-web-messaging-dos(17222)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17222" }, { "name": "ipswitch-queue-manager-dos(17219)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17219" }, { "name": "9554", "refsource": "OSVDB", "url": "http://www.osvdb.org/9554" }, { "name": "11106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11106" }, { "name": "12453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12453" }, { "name": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES", "refsource": "CONFIRM", "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "name": "1011146", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011146" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2422", "datePublished": "2005-08-18T04:00:00", "dateReserved": "2005-08-18T00:00:00", "dateUpdated": "2024-08-08T01:29:12.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1430 (GCVE-0-2011-1430)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/71020 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/43676 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/46767 | vdb-entry, x_refsource_BID | |
http://www.kb.cert.org/vuls/id/555316 | third-party-advisory, x_refsource_CERT-VN | |
http://www.vupen.com/english/advisories/2011/0609 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-8DBRD4" }, { "name": "multiple-starttls-command-execution(65932)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" }, { "name": "71020", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71020" }, { "name": "43676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43676" }, { "name": "46767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46767" }, { "name": "VU#555316", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/555316" }, { "name": "ADV-2011-0609", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0609" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-8DBRD4" }, { "name": "multiple-starttls-command-execution(65932)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" }, { "name": "71020", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71020" }, { "name": "43676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43676" }, { "name": "46767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46767" }, { "name": "VU#555316", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/555316" }, { "name": "ADV-2011-0609", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0609" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.kb.cert.org/vuls/id/MAPG-8DBRD4", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MAPG-8DBRD4" }, { "name": "multiple-starttls-command-execution(65932)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" }, { "name": "71020", "refsource": "OSVDB", "url": "http://www.osvdb.org/71020" }, { "name": "43676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43676" }, { "name": "46767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46767" }, { "name": "VU#555316", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/555316" }, { "name": "ADV-2011-0609", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0609" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1430", "datePublished": "2011-03-16T22:00:00", "dateReserved": "2011-03-16T00:00:00", "dateUpdated": "2024-08-06T22:28:41.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1255 (GCVE-0-2005-1255)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/13727 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1014047 | vdb-entry, x_refsource_SECTRACK | |
http://www.idefense.com/application/poi/display?id=243&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:06.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "name": "13727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13727" }, { "name": "1014047", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014047" }, { "name": "20050524 Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1255", "datePublished": "2005-05-25T04:00:00", "dateReserved": "2005-04-25T00:00:00", "dateUpdated": "2024-08-07T21:44:06.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2423 (GCVE-0-2004-2423)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/9553 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17220 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/11106 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/12453 | third-party-advisory, x_refsource_SECUNIA | |
http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES | x_refsource_CONFIRM | |
http://securitytracker.com/id?1011146 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:29:12.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9553", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/9553" }, { "name": "ipswitch-web-calendaring-dos(17220)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17220" }, { "name": "11106", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11106" }, { "name": "12453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12453" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "name": "1011146", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1011146" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via \"specific content.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9553", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/9553" }, { "name": "ipswitch-web-calendaring-dos(17220)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17220" }, { "name": "11106", "tags": [ 
"vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11106" }, { "name": "12453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12453" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "name": "1011146", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1011146" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via \"specific content.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9553", "refsource": "OSVDB", "url": "http://www.osvdb.org/9553" }, { "name": "ipswitch-web-calendaring-dos(17220)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17220" }, { "name": "11106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11106" }, { "name": "12453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12453" }, { "name": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES", "refsource": "CONFIRM", "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "name": "1011146", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011146" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": 
"CVE-2004-2423", "datePublished": "2005-08-18T04:00:00", "dateReserved": "2005-08-18T00:00:00", "dateUpdated": "2024-08-08T01:29:12.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1046 (GCVE-0-1999-1046)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/504 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=92038879607336&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/1897 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:55:29.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "504", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/504" }, { "name": "19990302 Multiple IMail Vulnerabilites", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "name": "imail-imonitor-overflow(1897)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "504", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/504" }, { "name": "19990302 Multiple IMail Vulnerabilites", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "name": "imail-imonitor-overflow(1897)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/504" }, { "name": "19990302 Multiple IMail Vulnerabilites", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "name": "imail-imonitor-overflow(1897)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1046", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T16:55:29.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1284 (GCVE-0-2001-1284)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/3428 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:51:07.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3428", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3428" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3428", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3428" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "MISC", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "3428", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3428" }, { "name": "20011011 Ipswitch Imail 7.04 vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1284", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1520 (GCVE-0-2004-1520)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/13200 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=bugtraq&m=110037283803560&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18058 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/11675 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:24.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13200", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13200" }, { "name": "20041112 IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "name": "ipswitch-delete-bo(18058)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058" }, { "name": "11675", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11675" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13200", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13200" }, { "name": "20041112 IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "name": "ipswitch-delete-bo(18058)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058" }, { "name": "11675", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11675" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13200" }, { "name": "20041112 IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "name": "ipswitch-delete-bo(18058)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058" }, { "name": "11675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11675" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1520", "datePublished": "2005-02-19T05:00:00", "dateReserved": "2005-02-18T00:00:00", "dateUpdated": "2024-08-08T00:53:24.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0777 (GCVE-0-2002-0777)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.iss.net/security_center/static/9116.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/4780 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:47.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "imail-ldap-bo(9116)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9116.php" }, { "name": "4780", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4780" }, { "name": "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-07-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "imail-ldap-bo(9116)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9116.php" }, { "name": "4780", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4780" }, { "name": "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "imail-ldap-bo(9116)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9116.php" }, { "name": "4780", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4780" }, { "name": "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0777", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:47.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0301 (GCVE-0-2000-0301)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://support.ipswitch.com/kb/IM-20000208-DM02.htm | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=95505800117143&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/1094 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:14:21.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ipswitch.com/kb/IM-20000208-DM02.htm" }, { "name": "20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "name": "1094", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1094" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ipswitch.com/kb/IM-20000208-DM02.htm" }, { "name": "20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "name": "1094", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1094" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.ipswitch.com/kb/IM-20000208-DM02.htm", "refsource": "CONFIRM", "url": "http://support.ipswitch.com/kb/IM-20000208-DM02.htm" }, { "name": "20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "name": "1094", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1094" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0301", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-04-26T00:00:00", "dateUpdated": "2024-08-08T05:14:21.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1170 (GCVE-0-1999-1170)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=ntbugtraq&m=91816507920544&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
http://www.securityfocus.com/bid/218 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:02:53.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19990204 WS FTP Server Remote DoS Attack", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "name": "218", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/218" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19990204 WS FTP Server Remote DoS Attack", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "name": "218", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/218" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1170", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the 
\"flags\" registry key to 1920." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19990204 WS FTP Server Remote DoS Attack", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "name": "218", "refsource": "BID", "url": "http://www.securityfocus.com/bid/218" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1170", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:02:53.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0780 (GCVE-0-2000-0780)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=96767207207553&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/1617 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:28:41.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000830 Vulnerability Report On IPSWITCH\u0027s IMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "1617", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1617" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000830 Vulnerability Report On IPSWITCH\u0027s IMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "1617", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1617" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000830 Vulnerability Report On IPSWITCH\u0027s IMail", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "1617", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1617" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0780", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-09-19T00:00:00", "dateUpdated": "2024-08-08T05:28:41.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2795 (GCVE-0-2007-2795)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-07-042/ | x_refsource_MISC | |
http://www.ipswitch.com/support/imail/releases/im200621.asp | x_refsource_CONFIRM | |
http://www.zerodayinitiative.com/advisories/ZDI-07-043/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:49:57.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-01-27T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2795", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" }, { "name": "http://www.ipswitch.com/support/imail/releases/im200621.asp", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2795", "datePublished": "2009-01-27T23:00:00Z", "dateReserved": "2007-05-21T00:00:00Z", "dateUpdated": "2024-09-17T00:55:35.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0039 (GCVE-0-2001-0039)
Vulnerability from cvelistv5
- n/a
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/2083 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.ipswitch.com/Support/IMail/news.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5674 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:06:55.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "2083", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2083" }, { "name": "20001206 DoS by SMTP AUTH command in IPSwitch IMail server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "imail-smtp-auth-dos(5674)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "2083", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2083" }, { "name": "20001206 DoS by SMTP AUTH command in IPSwitch IMail server", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "imail-smtp-auth-dos(5674)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "2083", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2083" }, { "name": "20001206 DoS by SMTP AUTH command in IPSwitch IMail server", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html" }, { "name": "http://www.ipswitch.com/Support/IMail/news.html", "refsource": "CONFIRM", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "name": "imail-smtp-auth-dos(5674)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0039", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2001-02-01T00:00:00", "dateUpdated": "2024-08-08T04:06:55.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-200110-0112
Vulnerability from variot
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. A vulnerability exists in IMail which could enable an authenticated user to view the mailbox of another IMail user. This is accomplished using directory traversal techniques while logged into the server with a valid session ID.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0112", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-044" }, { "db": "NVD", "id": "CVE-2001-1286" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Posted to Bugtraq by Niels Heinen \u003czilli0n@gmx.net\u003e on Oct 12, 2001.", "sources": [ { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-044" } ], "trust": 0.9 }, "cve": "CVE-2001-1286", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1286", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4091", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", 
"version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1286", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200110-044", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-4091", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4091" }, { "db": "CNNVD", "id": "CNNVD-200110-044" }, { "db": "NVD", "id": "CVE-2001-1286" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail 7.04 and earlier stores a user\u0027s session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker\u0027s control. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. \nA vulnerability exists in IMail which could enable an authenticated user to view the mailbox of another IMail user. 
\nThis accomplished using directory traversal techniques while logged into the server with a valid session ID", "sources": [ { "db": "NVD", "id": "CVE-2001-1286" }, { "db": "BID", "id": "3432" }, { "db": "VULHUB", "id": "VHN-4091" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-1286", "trust": 2.0 }, { "db": "BID", "id": "3432", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-044", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20020310 IMAIL ACCOUNT HIJACK THROUGH THE WEB INTERFACE", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4091", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4091" }, { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-044" }, { "db": "NVD", "id": "CVE-2001-1286" } ] }, "id": "VAR-200110-0112", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4091" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:17.564000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1286" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": 
"http://www.securityfocus.com/bid/3432" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "trust": 2.7, "url": "http://online.securityfocus.com/archive/1/261096" }, { "trust": 2.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4091" }, { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-044" }, { "db": "NVD", "id": "CVE-2001-1286" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4091" }, { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-044" }, { "db": "NVD", "id": "CVE-2001-1286" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4091" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3432" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-044" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1286" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4091" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3432" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-044" }, { "date": "2024-11-20T23:37:19.993000", "db": "NVD", "id": "CVE-2001-1286" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-044" } ], "trust": 0.6 }, "title": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail User Mailbox Disclosure Vulnerability", "sources": [ { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-044" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access verification error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-044" } ], "trust": 0.6 } }
var-199912-0146
Vulnerability from variot
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover's post to Bugtraq, linked to in full in the Credits section. ENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find its ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character's new ASCII value. Next, look up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter. Example: Account Name: mike m = 109 i = 105 k = 107 e = 101 Differences: First - First: 0 First - Second: 4 First - Third: 2 First - Fourth: 8 Unencrypted Password: rocks r = 114 o = 111 c = 99 k = 107 s = 115 (ASCII value + offset) - difference: offset: (109 - 97) = 12 (114 + 12) - 0 = 126 (111 + 12) - 4 = 119 (99 + 12) - 2 = 109 (107 + 12) - 8 = 111 (115 + 12) - 0 = 127 126 = DF 119 = D8 109 = CE 111 = D0 127 = E0 Encrypted Password: DFD8CED0E0 The decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference. Look this value up in the ASCII table.
This table is made by taking the ASCII value of the first character of the account name and setting it equal to 'a'. EXAMPLE Account Name: mike m = 109 i = 105 k = 107 e = 101 Differences: First - First: 0 First - Second: 4 First - Third: 2 First - Fourth: 8 Encrypted Password: DFD8CED0E0 DF = 126 D8 = 119 CE = 109 D0 = 111 E0 = 127 Add Difference: 126 + 0 = 126 119 + 4 = 123 109 + 2 = 111 111 + 8 = 119 127 + 0 = 127 Look up in table (see http://www.w00w00.org/imail_map.txt): 126 = r 123 = o 111 = c 119 = k 127 = s Unencrypted Password: rocks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199912-0146", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"5.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" }, { "db": "NVD", "id": "CVE-1999-1497" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Posted to Bugtraq on December 21, 1999 by Matt Conover \u003cshok@cannabis.dataforce.net\u003e.", "sources": [ { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" } ], "trust": 0.9 }, "cve": "CVE-1999-1497", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-1999-1497", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": 
"NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-1478", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-1497", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-199912-063", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-1478", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1478" }, { "db": "CNNVD", "id": "CNNVD-199912-063" }, { "db": "NVD", "id": "CVE-1999-1497" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover\u0027s post to Bugtraq, linked to in full in the Credits section. \nENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it\u0027s ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character\u0027s new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter. 
\nExample:\nAccount Name: mike\nm = 109\ni = 105\nk = 107\ne = 101\nDifferences:\nFirst - First: 0\nFirst - Second: 4\nFirst - Third: 2\nFirst - Fourth: 8\nUnencrypted Password: rocks\nr = 114\no = 111\nc = 99\nk = 107\ns = 115\n(ASCII value + offset) - difference:\noffset: (109 - 97) = 12\n(114 + 12) - 0 = 126\n(111 + 12) - 4 = 119\n(99 + 12) - 2 = 109\n(107 + 12) - 8 = 111\n(115 + 12) - 0 = 127\n126 = DF\n119 = D8\n109 = CE\n111 = D0\n127 = E0\nEncrypted Password: DFD8CED0E0\nThe decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to \u0027a\u0027. 
\nEXAMPLE\nAccount Name: mike\nm = 109\ni = 105\nk = 107\ne = 101\nDifferences:\nFirst - First: 0\nFirst - Second: 4\nFirst - Third: 2\nFirst - Fourth: 8\nEncrypted Password: DFD8CED0E0\nDF = 126\nD8 = 119\nCE = 109\nD0 = 111\nE0 = 127\nAdd Difference:\n126 + 0 = 126\n119 + 4 = 123\n109 + 2 = 111\n111 + 8 = 119\n127 + 0 = 127\nLook up in table (see http://www.w00w00.org/imail_map.txt):\n126 = r\n123 = o\n111 = c\n119 = k\n127 = s\nUnencrypted Password: rocks", "sources": [ { "db": "NVD", "id": "CVE-1999-1497" }, { "db": "BID", "id": "880" }, { "db": "VULHUB", "id": "VHN-1478" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1478", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1478" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-1999-1497", "trust": 2.0 }, { "db": "BID", "id": "880", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-199912-063", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "19991221 [W00GIVING \u002799 #11] IMAIL\u0027S PASSWORD ENCRYPTION SCHEME", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "401", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "19683", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-1478", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1478" }, { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" }, { "db": "NVD", "id": "CVE-1999-1497" } ] }, "id": "VAR-199912-0146", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1478" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:22.859000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-1497" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/880" }, { "trust": 2.7, "url": "http://www.securityfocus.com/archive/1/39329" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1478" }, { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" }, { "db": "NVD", "id": "CVE-1999-1497" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1478" }, { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" }, { "db": "NVD", "id": "CVE-1999-1497" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-12-21T00:00:00", "db": "VULHUB", "id": "VHN-1478" }, { "date": "1999-12-19T00:00:00", "db": "BID", "id": "880" }, { "date": "1999-12-21T00:00:00", "db": "CNNVD", "id": "CNNVD-199912-063" }, { "date": "1999-12-21T05:00:00", "db": "NVD", "id": "CVE-1999-1497" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2008-09-05T00:00:00", "db": "VULHUB", "id": "VHN-1478" }, { "date": "2009-07-11T01:56:00", "db": "BID", "id": "880" }, { "date": "2007-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-199912-063" }, { "date": "2024-11-20T23:31:15.427000", "db": "NVD", "id": "CVE-1999-1497" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail Weak Password Encryption Vulnerability", "sources": [ { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "880" }, { "db": "CNNVD", "id": "CNNVD-199912-063" } ], "trust": 0.9 } }
var-199902-0016
Vulnerability from variot
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative IMail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. For defenders, the relevant check is whether non-administrative accounts can write to that registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. A security vulnerability exists in IPswitch WS_FTP.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199902-0016", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" }, { "model": "ws ftp server", "scope": "eq", "trust": 1.0, "vendor": "progress", "version": "1.0.2.e" }, { "model": "ws ftp server", "scope": "eq", "trust": 1.0, "vendor": 
"progress", "version": "1.0.1.e" }, { "model": "ws ftp server", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "1.0.2.e" }, { "model": "ws ftp server", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "1.0.1.e" }, { "model": "ws ftp server eval", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "1.0.2" }, { "model": "ws ftp server eval", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "1.0.1" } ], "sources": [ { "db": "BID", "id": "218" }, { "db": "CNNVD", "id": "CNNVD-199902-007" }, { "db": "NVD", "id": "CVE-1999-1171" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marc", "sources": [ { "db": "CNNVD", "id": "CNNVD-199902-007" } ], "trust": 0.6 }, "cve": "CVE-1999-1171", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-1999-1171", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", 
"accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-1152", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-1171", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-199902-007", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-1152", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1152" }, { "db": "CNNVD", "id": "CNNVD-199902-007" }, { "db": "NVD", "id": "CVE-1999-1171" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. 
A security vulnerability exists in IPswitch WS_FTP", "sources": [ { "db": "NVD", "id": "CVE-1999-1171" }, { "db": "BID", "id": "218" }, { "db": "VULHUB", "id": "VHN-1152" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1152", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1152" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-1999-1171", "trust": 2.0 }, { "db": "BID", "id": "218", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-199902-007", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "19167", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-1152", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1152" }, { "db": "BID", "id": "218" }, { "db": "CNNVD", "id": "CNNVD-199902-007" }, { "db": "NVD", "id": "CVE-1999-1171" } ] }, "id": "VAR-199902-0016", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1152" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:11:45.613000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-1171" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/218" }, { "trust": 2.6, "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=ntbugtraq\u0026amp;m=91816507920544\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1152" }, { "db": "CNNVD", "id": "CNNVD-199902-007" }, { "db": "NVD", "id": "CVE-1999-1171" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1152" }, { "db": "BID", "id": "218" }, { "db": "CNNVD", "id": "CNNVD-199902-007" }, { "db": "NVD", "id": "CVE-1999-1171" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-02-02T00:00:00", "db": "VULHUB", "id": "VHN-1152" }, { "date": "1999-02-04T00:00:00", "db": "BID", "id": "218" }, { "date": "1999-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-199902-007" }, { "date": "1999-02-02T05:00:00", "db": "NVD", "id": "CVE-1999-1171" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-1152" }, { "date": "2009-07-11T00:16:00", "db": "BID", "id": "218" }, { "date": "2020-01-02T00:00:00", "db": "CNNVD", "id": "CNNVD-199902-007" }, { "date": "2024-11-20T23:30:28.787000", "db": "NVD", "id": "CVE-1999-1171" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-199902-007" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPswitch WS_FTP Service privilege expansion vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-199902-007" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-199902-007" } ], "trust": 0.6 } }
var-200412-0343
Vulnerability from variot
Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. It is reported that IMail is susceptible to multiple buffer overflow denial of service vulnerabilities. These vulnerabilities allow a remote attacker to crash the affected application, denying service to legitimate users. It is conjectured that it may be possible for an attacker to execute arbitrary code in the context of the affected server application. Versions of the application prior to 8.13 are reported affected by these vulnerabilities. TITLE: IMail Multiple Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA12453
VERIFY ADVISORY: http://secunia.com/advisories/12453/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: IMail Server 8.x http://secunia.com/product/3048/
DESCRIPTION: Various vulnerabilities have been reported in IMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
2) An unspecified error within the Web Calendaring can potentially be exploited to cause a crash when a calendar entry containing certain content is viewed.
SOLUTION: Apply IMail Server 8.13 patch. http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://support.ipswitch.com/kb/IM-20040902-DM01.htm
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0343", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", 
"scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", 
"version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.13" } ], "sources": [ { "db": "BID", "id": "11106" }, { "db": "CNNVD", "id": "CNNVD-200412-1106" }, { "db": "NVD", "id": "CVE-2004-2422" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-1106" } ], "trust": 0.6 }, "cve": "CVE-2004-2422", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2004-2422", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-10850", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-2422", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200412-1106", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-10850", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-10850" }, { "db": "CNNVD", "id": "CNNVD-200412-1106" }, { "db": "NVD", "id": "CVE-2004-2422" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. It is reported that IMail is susceptible to multiple buffer overflow denial of service vulnerabilities. \nThese vulnerabilities allow a remote attacker to crash the affected application, denying service to legitimate users. It is conjectured that it may be possible for an attacker to execute arbitrary code in the context of the affected server application. \nVersions of the application prior to 8.13 are reported affected by these vulnerabilities. 
\nTITLE:\nIMail Multiple Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA12453\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/12453/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Server 8.x\nhttp://secunia.com/product/3048/\n\nDESCRIPTION:\nVarious vulnerabilities have been reported in IMail, which\npotentially can be exploited by malicious people to cause a DoS\n(Denial of Service). \n\n2) An unspecified error within the Web Calendaring can potentially be\nexploited to cause a crash when a calender entry containing certain\ncontent is viewed. \n\nSOLUTION:\nApply IMail Server 8.13 patch. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im813.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://support.ipswitch.com/kb/IM-20040902-DM01.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n", "sources": [ { "db": "NVD", "id": "CVE-2004-2422" }, { "db": "BID", "id": "11106" }, { "db": "VULHUB", "id": "VHN-10850" }, { "db": "PACKETSTORM", "id": "34264" } ], "trust": 1.35 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "11106", "trust": 2.0 }, { "db": "SECUNIA", "id": "12453", "trust": 1.8 }, { "db": "NVD", "id": "CVE-2004-2422", "trust": 1.7 }, { "db": "OSVDB", "id": "9554", "trust": 1.7 }, { "db": "OSVDB", "id": "9552", "trust": 1.7 }, { "db": "SECTRACK", "id": "1011146", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200412-1106", "trust": 0.7 }, { "db": "XF", "id": "17222", "trust": 0.6 }, { "db": "XF", "id": "17219", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-10850", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "34264", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-10850" }, { "db": "BID", "id": "11106" }, { "db": "PACKETSTORM", "id": "34264" }, { "db": "CNNVD", "id": "CNNVD-200412-1106" }, { "db": "NVD", "id": "CVE-2004-2422" } ] }, "id": "VAR-200412-0343", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-10850" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:47:15.374000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-2422" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/11106" }, { "trust": 1.7, "url": "http://support.ipswitch.com/kb/im-20040902-dm01.htm#fixes" }, { "trust": 1.7, "url": "http://www.osvdb.org/9552" }, { "trust": 1.7, "url": "http://www.osvdb.org/9554" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1011146" }, { "trust": 1.7, "url": "http://secunia.com/advisories/12453" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17219" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17222" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/17222" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/17219" }, { "trust": 0.4, "url": "http://support.ipswitch.com/kb/im-20040902-dm01.htm" }, { "trust": 0.3, "url": "http://www.ipswitch.com/support/imail/patch-upgrades.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3048/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/12453/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-10850" }, { "db": "BID", "id": "11106" }, { "db": "PACKETSTORM", "id": "34264" }, { "db": "CNNVD", "id": 
"CNNVD-200412-1106" }, { "db": "NVD", "id": "CVE-2004-2422" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-10850" }, { "db": "BID", "id": "11106" }, { "db": "PACKETSTORM", "id": "34264" }, { "db": "CNNVD", "id": "CNNVD-200412-1106" }, { "db": "NVD", "id": "CVE-2004-2422" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-12-31T00:00:00", "db": "VULHUB", "id": "VHN-10850" }, { "date": "2004-09-03T00:00:00", "db": "BID", "id": "11106" }, { "date": "2004-09-09T06:47:23", "db": "PACKETSTORM", "id": "34264" }, { "date": "2004-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-1106" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-2422" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-11T00:00:00", "db": "VULHUB", "id": "VHN-10850" }, { "date": "2004-09-03T00:00:00", "db": "BID", "id": "11106" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-1106" }, { "date": "2024-11-20T23:53:18.990000", "db": "NVD", "id": "CVE-2004-2422" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-1106" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Multiple Buffer Overflow Denial Of Service Vulnerabilities", "sources": [ { "db": "BID", "id": "11106" }, { "db": "CNNVD", "id": "CNNVD-200412-1106" } ], 
"trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "11106" }, { "db": "CNNVD", "id": "CNNVD-200412-1106" } ], "trust": 0.9 } }
var-200901-0467
Vulnerability from variot
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit the first vulnerability. The specific flaw resides in IMailsec.dll while attempting to authenticate users. The affected component is used by multiple services that listen on a default installation. The authentication mechanism copies user-supplied data into fixed-length heap buffers using the lstrcpyA() function. The unbounded copy operation can cause memory corruption resulting in an exploitable condition. Authentication is required to exploit the second vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs. Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. IMail bundles an IMAP daemon (imapd32.exe) that allows users to access mail.
ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-042.html July 24, 2007
-- CVE ID: CVE-2007-2795
-- Affected Vendor: Ipswitch
-- Affected Products: Ipswitch IMail; Ipswitch Collaboration Suite
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since July 24, 2007 by Digital Vaccine protection filter ID 5224.
-- Vendor Response: Ipswitch has issued an update to correct this vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im200621.asp
-- Disclosure Timeline: 2007.02.26 - Vulnerability reported to vendor; 2007.07.24 - Digital Vaccine released to TippingPoint customers; 2007.07.24 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by Sebastian Apelt (webmaster@buzzworld.org).
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0467", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006.1" }, { "model": "imail", "scope": null, "trust": 1.4, "vendor": "ipswitch", "version": null }, { "model": "imail", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": 
"2006.2" }, { "model": "imail", "scope": "lte", "trust": 0.8, "vendor": "ipswitch", "version": "2006.21" }, { "model": "imail", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "2006.2" }, { "model": "imail server", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "model": "imail server", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.21" } ], "sources": [ { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" }, { "db": "BID", "id": "24962" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "CNNVD", "id": "CNNVD-200901-363" }, { "db": "NVD", "id": "CVE-2007-2795" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ipswitch:imail", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001634" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt (webmaster@buzzworld.org)", "sources": [ { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" } ], "trust": 1.4 }, "cve": "CVE-2007-2795", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2007-2795", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-26157", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-2795", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2007-2795", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200901-363", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-26157", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-26157" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "CNNVD", "id": "CNNVD-200901-363" }, { "db": "NVD", "id": "CVE-2007-2795" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which 
triggers a stack-based buffer overflow in the IMAP Daemon. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit this vulnerability.The specific flaw resides in IMailsec.dll while attempting to authenticate users. The affected component is used by multiple services that listen on a default installation. The authentication mechanism copies user-supplied data into fixed length heap buffers using the lstrcpyA() function. The unbounded copy operation can cause a memory corruption resulting in an exploitable condition. Authentication is required to exploit this vulnerability.The specific flaw exists due to a lack of bounds checking during theparsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs. Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. \nSuccessful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. \nIpswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. IMail bundles an IMAP daemon (imapd32.exe) that allows users to access mail. 
ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption\n Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-042.html\nJuly 24, 2007\n\n-- CVE ID:\nCVE-2007-2795\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nIpswitch IMail\nIpswitch Collaboration Suite\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since July 24, 2007 by Digital Vaccine protection\nfilter ID 5224. \n\n\n-- Vendor Response:\nIpswitch has issued an update to correct this vulnerability. More\ndetails can be found at:\n\n http://www.ipswitch.com/support/imail/releases/im200621.asp\n\n-- Disclosure Timeline:\n2007.02.26 - Vulnerability reported to vendor\n2007.07.24 - Digital Vaccine released to TippingPoint customers\n2007.07.24 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Sebastian Apelt\n(webmaster@buzzworld.org). \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. 
Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n\nCONFIDENTIALITY NOTICE: This e-mail message, including any attachments,\nis being sent by 3Com for the sole use of the intended recipient(s) and\nmay contain confidential, proprietary and/or privileged information. \nAny unauthorized review, use, disclosure and/or distribution by any \nrecipient is prohibited. If you are not the intended recipient, please\ndelete and/or destroy all copies of this message regardless of form and\nany included attachments and notify 3Com immediately by contacting the\nsender via reply e-mail or forwarding to 3Com at postmaster@3com.com", "sources": [ { "db": "NVD", "id": "CVE-2007-2795" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" }, { "db": "BID", "id": "24962" }, { "db": "VULHUB", "id": "VHN-26157" }, { "db": "PACKETSTORM", "id": "58013" }, { "db": "PACKETSTORM", "id": "58012" } ], "trust": 3.42 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-26157", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-26157" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-2795", "trust": 4.4 }, { "db": "ZDI", "id": "ZDI-07-042", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-07-043", "trust": 2.8 }, { "db": "JVNDB", "id": 
"JVNDB-2009-001634", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-166", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-179", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-200901-363", "trust": 0.7 }, { "db": "BID", "id": "24962", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "58013", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "58012", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-66887", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "81264", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "9662", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-26157", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" }, { "db": "VULHUB", "id": "VHN-26157" }, { "db": "BID", "id": "24962" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "PACKETSTORM", "id": "58013" }, { "db": "PACKETSTORM", "id": "58012" }, { "db": "CNNVD", "id": "CNNVD-200901-363" }, { "db": "NVD", "id": "CVE-2007-2795" } ] }, "id": "VAR-200901-0467", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-26157" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:28:14.874000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "im200621", "trust": 2.2, "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" } ], "sources": [ { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": 
"CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-26157" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "NVD", "id": "CVE-2007-2795" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" }, { "trust": 1.7, "url": "http://www.zerodayinitiative.com/advisories/zdi-07-042/" }, { "trust": 1.7, "url": "http://www.zerodayinitiative.com/advisories/zdi-07-043/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2795" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2795" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-07-042.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-07-043.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.3, "url": "http://docs.ipswitch.com/imail%202006.21/releasenotes/imail_relnotes.htm#newrelease" }, { "trust": 0.3, "url": "/archive/1/474040" }, { "trust": 0.3, "url": "/archive/1/474552" }, { "trust": 0.3, "url": "/archive/1/474553" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2795" }, { "trust": 0.2, "url": "http://www.tippingpoint.com" }, { "trust": 0.2, "url": "http://www.zerodayinitiative.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" }, { "db": "VULHUB", "id": "VHN-26157" }, { "db": "BID", "id": "24962" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "PACKETSTORM", "id": "58013" }, { "db": "PACKETSTORM", "id": "58012" }, { "db": "CNNVD", "id": "CNNVD-200901-363" }, { "db": "NVD", "id": "CVE-2007-2795" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", 
"data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-07-042" }, { "db": "ZDI", "id": "ZDI-07-043" }, { "db": "VULHUB", "id": "VHN-26157" }, { "db": "BID", "id": "24962" }, { "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "db": "PACKETSTORM", "id": "58013" }, { "db": "PACKETSTORM", "id": "58012" }, { "db": "CNNVD", "id": "CNNVD-200901-363" }, { "db": "NVD", "id": "CVE-2007-2795" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-07-19T00:00:00", "db": "ZDI", "id": "ZDI-07-042" }, { "date": "2007-07-19T00:00:00", "db": "ZDI", "id": "ZDI-07-043" }, { "date": "2009-01-27T00:00:00", "db": "VULHUB", "id": "VHN-26157" }, { "date": "2007-07-18T00:00:00", "db": "BID", "id": "24962" }, { "date": "2009-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "date": "2007-07-25T04:32:46", "db": "PACKETSTORM", "id": "58013" }, { "date": "2007-07-25T04:31:47", "db": "PACKETSTORM", "id": "58012" }, { "date": "2007-07-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-363" }, { "date": "2009-01-27T23:30:00.187000", "db": "NVD", "id": "CVE-2007-2795" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-07-19T00:00:00", "db": "ZDI", "id": "ZDI-07-042" }, { "date": "2007-07-19T00:00:00", "db": "ZDI", "id": "ZDI-07-043" }, { "date": "2009-01-28T00:00:00", "db": "VULHUB", "id": "VHN-26157" }, { "date": "2016-07-05T21:38:00", "db": "BID", "id": "24962" }, { "date": "2009-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001634" }, { "date": "2009-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-363" }, { "date": "2024-11-21T00:31:40.767000", "db": "NVD", "id": "CVE-2007-2795" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-363" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities", "sources": [ { "db": "BID", "id": "24962" }, { "db": "CNNVD", "id": "CNNVD-200901-363" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-363" } ], "trust": 0.6 } }
var-200110-0107
Vulnerability from variot
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. It is possible to specify another userid to whom changes in the editing form will be applied by simply modifying a hidden variable. Successful exploitation of this vulnerability could lead to a denial of service for the victim user. Vulnerabilities exist in the Web Messaging Server of Ipswitch IMail 7.04 and earlier versions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0107", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3429" }, { "db": "CNNVD", "id": "CNNVD-200110-040" }, { "db": "NVD", "id": "CVE-2001-1281" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq by Arne Vidstrom \u003carne.vidstrom@ntsecurity.nu\u003e on Oct 11, 2001.", "sources": [ { "db": "BID", "id": "3429" }, { "db": "CNNVD", "id": "CNNVD-200110-040" } ], "trust": 0.9 }, "cve": "CVE-2001-1281", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2001-1281", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-4086", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1281", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200110-040", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-4086", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4086" }, { "db": "CNNVD", "id": "CNNVD-200110-040" }, { "db": "NVD", "id": "CVE-2001-1281" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. It is possible to specify another userid to whom changes in the editing form will be applied by simply modifying a hidden variable. \nSuccessful exploitation of this vulnerability could lead to a denial of service for the victim user. 
Vulnerabilities exist in Ipswitch IMail 7.04 and earlier versions of Web Messaging Server", "sources": [ { "db": "NVD", "id": "CVE-2001-1281" }, { "db": "BID", "id": "3429" }, { "db": "VULHUB", "id": "VHN-4086" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-1281", "trust": 2.0 }, { "db": "BID", "id": "3429", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-040", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011011 VULNERABILITIES IN IPSWITCH IMAIL SERVER 7.04", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4086", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4086" }, { "db": "BID", "id": "3429" }, { "db": "CNNVD", "id": "CNNVD-200110-040" }, { "db": "NVD", "id": "CVE-2001-1281" } ] }, "id": "VAR-200110-0107", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4086" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:05:57.535000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1281" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3429" }, { "trust": 2.7, "url": 
"http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "trust": 2.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.3, "url": "http://ipswitch.com/support/imail/patch-upgrades.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4086" }, { "db": "BID", "id": "3429" }, { "db": "CNNVD", "id": "CNNVD-200110-040" }, { "db": "NVD", "id": "CVE-2001-1281" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4086" }, { "db": "BID", "id": "3429" }, { "db": "CNNVD", "id": "CNNVD-200110-040" }, { "db": "NVD", "id": "CVE-2001-1281" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4086" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3429" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-040" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1281" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4086" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3429" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-040" }, { "date": "2024-11-20T23:37:19.300000", "db": "NVD", "id": "CVE-2001-1281" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-040" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server User Modification Vulnerability", "sources": [ { "db": "BID", "id": "3429" }, { "db": "CNNVD", "id": "CNNVD-200110-040" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-040" } ], "trust": 0.6 } }
var-200703-0303
Vulnerability from variot
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. A buffer overflow vulnerability exists in the IMAILAPILib ActiveX control (IMailAPI.dll) of Ipswitch IMail Server versions prior to 2006.2.
TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows
SECUNIA ADVISORY ID: SA24422
VERIFY ADVISORY: http://secunia.com/advisories/24422/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Server 2006 http://secunia.com/product/8653/
DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server/Collaboration Suite, which potentially can be exploited by malicious people to compromise a vulnerable system.
1) Unspecified errors within the IMailServer.WebConnect, IMailLDAPService.Sync3, IMailLDAPService.Init3, IMailServer.Connect, and IMailUserCollection.SetReplyTo components can be exploited to cause buffer overflows via specially crafted packets.
2) An error within an unspecified ActiveX control can be exploited to execute arbitrary code when a user e.g. visits a malicious web site.
SOLUTION: Update to version 2006.2 (Standard Edition only): ftp://ftp.ipswitch.com/Ipswitch/Product_Downloads/ICS_Standard.exe
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Ipswitch: http://www.ipswitch.com/support/ics/updates/ics20062.asp http://support.ipswitch.com/kb/IM-20070305-JH01.htm
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0303", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006" }, { "model": "imail premium", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006" }, { "model": "imail plus", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006" }, { "model": 
"collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006_standard" }, { "model": "imail", "scope": "eq", "trust": 0.8, "vendor": "ipswitch", "version": "2006.2" }, { "model": "imail", "scope": "lt", "trust": 0.8, "vendor": "ipswitch", "version": "server" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "db": "CNNVD", "id": "CNNVD-200703-591" }, { "db": "NVD", "id": "CVE-2007-1637" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ipswitch:imail", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-003570" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "54869" } ], "trust": 0.1 }, "cve": "CVE-2007-1637", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", 
"availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2007-1637", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-24999", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-1637", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2007-1637", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200703-591", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-24999", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-24999" }, { "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "db": "CNNVD", "id": "CNNVD-200703-591" }, { "db": "NVD", "id": "CVE-2007-1637" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. A buffer overflow vulnerability exists in the IMAILAPILib ActiveX control (IMailAPI.dll) of Ipswitch IMail Server versions prior to 2006.2. 
\n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server/Collaboration Suite Multiple Buffer Overflows\n\nSECUNIA ADVISORY ID:\nSA24422\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24422/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\nIMail Server 2006\nhttp://secunia.com/product/8653/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ipswitch IMail\nServer/Collaboration Suite, which potentially can be exploited by\nmalicious people to compromise a vulnerable system. \n\n1) Unspecified errors within the IMailServer.WebConnect,\nIMailLDAPService.Sync3, IMailLDAPService.Init3, IMailServer.Connect,\nand IMailUserCollection.SetReplyTo components can be exploited to\ncause buffer overflows via specially crafted packets. \n\n2) An error within an unspecified ActiveX control can be exploited to\nexecute arbitrary code when a user e.g. visits a malicious web site. \n\nSOLUTION:\nUpdate to version 2006.2 (Standard Edition only):\nftp://ftp.ipswitch.com/Ipswitch/Product_Downloads/ICS_Standard.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIpswitch:\nhttp://www.ipswitch.com/support/ics/updates/ics20062.asp\nhttp://support.ipswitch.com/kb/IM-20070305-JH01.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-1637" }, { "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "db": "VULHUB", "id": "VHN-24999" }, { "db": "PACKETSTORM", "id": "54869" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1637", "trust": 2.5 }, { "db": "SECUNIA", "id": "24422", "trust": 1.8 }, { "db": "SECTRACK", "id": "1017737", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-0853", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2007-003570", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200703-591", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20070307 IPSWITCH IMAIL SERVER 2006 MULTIPLE ACTIVEX CONTROL BUFFER OVERFLOW VULNERABILITIE", "trust": 0.6 }, { "db": "BID", "id": "83550", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-24999", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "54869", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-24999" }, { "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "db": "PACKETSTORM", "id": "54869" }, { "db": "CNNVD", "id": "CNNVD-200703-591" }, { "db": "NVD", "id": "CVE-2007-1637" } ] }, "id": 
"VAR-200703-0303", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-24999" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:04:00.224000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IM-20070305-JH01", "trust": 0.8, "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-003570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-1637" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://support.ipswitch.com/kb/im-20070305-jh01.htm" }, { "trust": 1.7, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1017737" }, { "trust": 1.7, "url": "http://secunia.com/advisories/24422" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/0853" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1637" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1637" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2007/0853" }, { "trust": 0.1, "url": 
"http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/8652/" }, { "trust": 0.1, "url": "http://secunia.com/disassembling_og_reversing/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/ics/updates/ics20062.asp" }, { "trust": 0.1, "url": "http://secunia.com/product/8653/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/24422/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-24999" }, { "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "db": "PACKETSTORM", "id": "54869" }, { "db": "CNNVD", "id": "CNNVD-200703-591" }, { "db": "NVD", "id": "CVE-2007-1637" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-24999" }, { "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "db": "PACKETSTORM", "id": "54869" }, { "db": "CNNVD", "id": "CNNVD-200703-591" }, { "db": "NVD", "id": "CVE-2007-1637" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-23T00:00:00", "db": "VULHUB", "id": "VHN-24999" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "date": "2007-03-08T00:54:52", "db": "PACKETSTORM", "id": "54869" }, { "date": "2007-03-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-591" }, { "date": "2007-03-23T22:19:00", "db": "NVD", "id": "CVE-2007-1637" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-24999" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-003570" }, { "date": "2007-03-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-591" }, { "date": "2024-11-21T00:28:48.660000", "db": "NVD", "id": "CVE-2007-1637" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-591" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server of IMAILAPILib ActiveX Control buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-003570" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-591" } ], "trust": 0.6 } }
var-200110-0109
Vulnerability from variot
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. The IPSwitch IMail Server webmail interface is prone to a denial of service. The web interface will crash if a mailbox with a name that contains 248+ dots ('.') is accessed. If the webmail interface crashes, it must be restarted to regain normal functionality. CGI scripts that access mailboxes may also induce a denial of service in the same manner. Though it is unconfirmed, this issue may be caused by a buffer overflow. If this is the case, a possibility does exist that this issue may be exploited to execute arbitrary code on the host. (dot) or other characters, resulting in service denial (crash)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0109", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3427" }, { "db": "CNNVD", "id": "CNNVD-200110-045" }, { "db": "NVD", "id": "CVE-2001-1283" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq by Niels Heinen \u003czilli0n@gmx.net\u003e on Oct 12, 2001.", "sources": [ { "db": "BID", "id": "3427" }, { "db": "CNNVD", "id": "CNNVD-200110-045" } ], "trust": 0.9 }, "cve": "CVE-2001-1283", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1283", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4088", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1283", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200110-045", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-4088", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4088" }, { "db": "CNNVD", "id": "CNNVD-200110-045" }, { "db": "NVD", "id": "CVE-2001-1283" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. \nThe IPSwitch IMail Server webmail interface is prone to a denial of service. Theweb interface will crash if a mailbox with a name that contains 248+ dots(\u0027.\u0027) is accessed. If the webmail interface crashes then it must be restarted to regain normal functionality. CGI scripts that access mailboxes may also induce a denial of service in the same manner. \nThough it is unconfirmed, this issue may be caused by a buffer overflow. If thisis the case, a possibility does exist that this issue may be exploited to execute arbitrary code on the host. 
(dot) or other characters, resulting in service denial (crash)", "sources": [ { "db": "NVD", "id": "CVE-2001-1283" }, { "db": "BID", "id": "3427" }, { "db": "VULHUB", "id": "VHN-4088" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-1283", "trust": 2.0 }, { "db": "BID", "id": "3427", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-045", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4088", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4088" }, { "db": "BID", "id": "3427" }, { "db": "CNNVD", "id": "CNNVD-200110-045" }, { "db": "NVD", "id": "CVE-2001-1283" } ] }, "id": "VAR-200110-0109", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4088" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:17.539000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1283" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3427" }, { "trust": 2.7, "url": 
"http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4088" }, { "db": "BID", "id": "3427" }, { "db": "CNNVD", "id": "CNNVD-200110-045" }, { "db": "NVD", "id": "CVE-2001-1283" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4088" }, { "db": "BID", "id": "3427" }, { "db": "CNNVD", "id": "CNNVD-200110-045" }, { "db": "NVD", "id": "CVE-2001-1283" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4088" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3427" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-045" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1283" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4088" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3427" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-045" }, { "date": "2024-11-20T23:37:19.590000", "db": "NVD", "id": "CVE-2001-1283" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-045" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Mailbox Service 
Rejection Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-045" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-045" } ], "trust": 0.6 } }
var-200505-0002
Vulnerability from variot
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. IMail is prone to a denial-of-service vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-0002", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail", "scope": "eq", "trust": 0.9, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "87973" }, { "db": "CNNVD", "id": 
"CNNVD-200505-655" }, { "db": "NVD", "id": "CVE-1999-1557" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "87973" } ], "trust": 0.3 }, "cve": "CVE-1999-1557", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-1999-1557", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-1538", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-1557", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200505-655", "trust": 0.6, "value": 
"MEDIUM" }, { "author": "VULHUB", "id": "VHN-1538", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1538" }, { "db": "CNNVD", "id": "CNNVD-200505-655" }, { "db": "NVD", "id": "CVE-1999-1557" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. IMail is prone to a denial-of-service vulnerability", "sources": [ { "db": "NVD", "id": "CVE-1999-1557" }, { "db": "BID", "id": "87973" }, { "db": "VULHUB", "id": "VHN-1538" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1538", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1538" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-1999-1557", "trust": 2.0 }, { "db": "XF", "id": "1895", "trust": 0.9 }, { "db": "CNNVD", "id": "CNNVD-200505-655", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "19990301 MULTIPLE IMAIL VULNERABILITES", "trust": 0.6 }, { "db": "BID", "id": "87973", "trust": 0.4 }, { "db": "EXPLOIT-DB", "id": "19377", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-1538", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1538" }, { "db": "BID", "id": "87973" }, { "db": 
"CNNVD", "id": "CNNVD-200505-655" }, { "db": "NVD", "id": "CVE-1999-1557" } ] }, "id": "VAR-200505-0002", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1538" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T15:36:05.708000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-1557" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "trust": 0.9, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/1895.php" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=92038879607336\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1538" }, { "db": "BID", "id": "87973" }, { "db": "CNNVD", "id": "CNNVD-200505-655" }, { "db": "NVD", "id": "CVE-1999-1557" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1538" }, { "db": "BID", "id": "87973" }, { "db": "CNNVD", "id": "CNNVD-200505-655" }, { "db": "NVD", "id": "CVE-1999-1557" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": 
"@list" } }, "data": [ { "date": "2005-05-02T00:00:00", "db": "VULHUB", "id": "VHN-1538" }, { "date": "2005-05-02T00:00:00", "db": "BID", "id": "87973" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-655" }, { "date": "2005-05-02T04:00:00", "db": "NVD", "id": "CVE-1999-1557" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-19T00:00:00", "db": "VULHUB", "id": "VHN-1538" }, { "date": "2005-05-02T00:00:00", "db": "BID", "id": "87973" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-655" }, { "date": "2017-12-19T02:29:10.487000", "db": "NVD", "id": "CVE-1999-1557" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-655" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Buffer overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-655" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-655" } ], "trust": 0.6 } }
var-199903-0048
Vulnerability from variot
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL. The IMail web server can be crashed by requesting an abnormally long URL. There is a buffer overflow vulnerability in Ipswitch IMail Service version 5.0
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199903-0048", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "505" }, { "db": "CNNVD", "id": "CNNVD-199903-023" 
}, { "db": "NVD", "id": "CVE-1999-1551" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "eEye Advisory AD03011999 posted to Bugtraq March 1, 1999 by MArc of eEye \u003cinfo@eEye.com\u003e.", "sources": [ { "db": "BID", "id": "505" }, { "db": "CNNVD", "id": "CNNVD-199903-023" } ], "trust": 0.9 }, "cve": "CVE-1999-1551", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-1999-1551", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-1532", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": 
"CVE-1999-1551", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-199903-023", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-1532", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1532" }, { "db": "CNNVD", "id": "CNNVD-199903-023" }, { "db": "NVD", "id": "CVE-1999-1551" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL. The IMail web server can be crashed by requesting an abnormally long URL. There is a buffer overflow vulnerability in Ipswitch IMail Service version 5.0", "sources": [ { "db": "NVD", "id": "CVE-1999-1551" }, { "db": "BID", "id": "505" }, { "db": "VULHUB", "id": "VHN-1532" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1532", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1532" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-1999-1551", "trust": 2.0 }, { "db": "BID", "id": "505", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-199903-023", "trust": 0.7 }, { "db": "XF", "id": "1898", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "19990302 MULTIPLE IMAIL VULNERABILITES", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "19380", "trust": 0.1 }, { "db": 
"VULHUB", "id": "VHN-1532", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1532" }, { "db": "BID", "id": "505" }, { "db": "CNNVD", "id": "CNNVD-199903-023" }, { "db": "NVD", "id": "CVE-1999-1551" } ] }, "id": "VAR-199903-0048", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1532" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:00:48.204000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-1551" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/505" }, { "trust": 2.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1898" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "trust": 0.6, "url": "http://xforce.iss.net/static/1898.php" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=92038879607336\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1532" }, { "db": "CNNVD", "id": "CNNVD-199903-023" }, { "db": "NVD", "id": "CVE-1999-1551" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1532" }, { "db": "BID", "id": "505" }, { "db": "CNNVD", "id": "CNNVD-199903-023" }, { "db": 
"NVD", "id": "CVE-1999-1551" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-03-02T00:00:00", "db": "VULHUB", "id": "VHN-1532" }, { "date": "1999-03-01T00:00:00", "db": "BID", "id": "505" }, { "date": "1999-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-199903-023" }, { "date": "1999-03-02T05:00:00", "db": "NVD", "id": "CVE-1999-1551" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-19T00:00:00", "db": "VULHUB", "id": "VHN-1532" }, { "date": "2009-07-11T00:56:00", "db": "BID", "id": "505" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-199903-023" }, { "date": "2024-11-20T23:31:23.213000", "db": "NVD", "id": "CVE-1999-1551" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-023" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Buffer overflow DoS Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-023" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-023" } ], "trust": 0.6 } }
var-200110-0108
Vulnerability from variot
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. A vulnerability exists which may remotely disclose sensitive information about the host running IMail Server. The disclosed information may be used to maliciously map out the directory structure of the host, facilitating further "intelligent" attacks on the host
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0108", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3426" }, { "db": "CNNVD", "id": "CNNVD-200110-046" }, { "db": "NVD", "id": "CVE-2001-1282" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq by Niels Heinen \u003czilli0n@gmx.net\u003e on Oct 12, 2001.", "sources": [ { "db": "BID", "id": "3426" }, { "db": "CNNVD", "id": "CNNVD-200110-046" } ], "trust": 0.9 }, "cve": "CVE-2001-1282", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1282", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4087", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1282", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200110-046", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-4087", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4087" }, { "db": "CNNVD", "id": "CNNVD-200110-046" }, { "db": "NVD", "id": "CVE-2001-1282" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. \nA vulnerability exists which may remotely disclose sensitive information about the host running IMail Server. 
\nThe disclosed information may be used to maliciously map out the directory structure of the host, facilitating further \"intelligent\" attacks on the host", "sources": [ { "db": "NVD", "id": "CVE-2001-1282" }, { "db": "BID", "id": "3426" }, { "db": "VULHUB", "id": "VHN-4087" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "3426", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2001-1282", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-046", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4087", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4087" }, { "db": "BID", "id": "3426" }, { "db": "CNNVD", "id": "CNNVD-200110-046" }, { "db": "NVD", "id": "CVE-2001-1282" } ] }, "id": "VAR-200110-0108", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4087" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:17.613000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1282" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3426" }, { "trust": 2.7, "url": 
"http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "trust": 2.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4087" }, { "db": "BID", "id": "3426" }, { "db": "CNNVD", "id": "CNNVD-200110-046" }, { "db": "NVD", "id": "CVE-2001-1282" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4087" }, { "db": "BID", "id": "3426" }, { "db": "CNNVD", "id": "CNNVD-200110-046" }, { "db": "NVD", "id": "CVE-2001-1282" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4087" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3426" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-046" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1282" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4087" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3426" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-046" }, { "date": "2024-11-20T23:37:19.450000", "db": "NVD", "id": "CVE-2001-1282" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-046" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Path leak vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-046" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "3426" }, { "db": "CNNVD", "id": "CNNVD-200110-046" } ], "trust": 0.9 } }
var-200208-0143
Vulnerability from variot
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. Ipswitch IMail is an e-mail server that serves clients their mail via a web interface. It runs on Microsoft Windows operating systems. IMail normally runs in the SYSTEM context, meaning that successful exploitation will result in a full compromise of the underlying system. It should be noted that this condition may also be exploited to trigger a denial of service. The Ipswitch IMail service program includes multiple components, including an LDAP service that allows remote clients to read the IMail directory; a flaw in the authentication process allows remote attackers to access the server with the privileges of the SYSTEM account.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0143", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"7.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "4780" }, { 
"db": "CNNVD", "id": "CNNVD-200208-106" }, { "db": "NVD", "id": "CVE-2002-0777" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dave Ahmad\u203b da@securityfocus.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200208-106" } ], "trust": 0.6 }, "cve": "CVE-2002-0777", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2002-0777", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-5168", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2002-0777", "trust": 1.0, "value": 
"HIGH" }, { "author": "CNNVD", "id": "CNNVD-200208-106", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-5168", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-5168" }, { "db": "CNNVD", "id": "CNNVD-200208-106" }, { "db": "NVD", "id": "CVE-2002-0777" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter. Ipswitch IMail is an e-mail server that serves clients their mail via a web interface. It runs on Microsoft Windows operating systems. \nIMail normally runs in the SYSTEM context, meaning that successful exploitation will result in a full compromise of the underlying system. \nIt should be noted that this condition may also be exploited to trigger a denial of service. 
The Ipswitch IMail service program includes multiple components including LDAP service, which allows remote clients to read the IMail directory, and there is a loophole in the authentication process that allows remote attackers to access the server with the authority of the SYSTEM account", "sources": [ { "db": "NVD", "id": "CVE-2002-0777" }, { "db": "BID", "id": "4780" }, { "db": "VULHUB", "id": "VHN-5168" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "4780", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2002-0777", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200208-106", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20020520 FOUNDSTONE ADVISORY - BUFFER OVERFLOW IN IPSWITCH IMAIL 7.1 AND PRIOR (FWD)", "trust": 0.6 }, { "db": "XF", "id": "9116", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-5168", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-5168" }, { "db": "BID", "id": "4780" }, { "db": "CNNVD", "id": "CNNVD-200208-106" }, { "db": "NVD", "id": "CVE-2002-0777" } ] }, "id": "VAR-200208-0143", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-5168" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:48:51.333000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-0777" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/4780" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" }, { "trust": 2.7, "url": "http://www.iss.net/security_center/static/9116.php" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "http://www.ipswitch.com/support/imail/patch-upgrades.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-5168" }, { "db": "BID", "id": "4780" }, { "db": "CNNVD", "id": "CNNVD-200208-106" }, { "db": "NVD", "id": "CVE-2002-0777" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-5168" }, { "db": "BID", "id": "4780" }, { "db": "CNNVD", "id": "CNNVD-200208-106" }, { "db": "NVD", "id": "CVE-2002-0777" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-08-12T00:00:00", "db": "VULHUB", "id": "VHN-5168" }, { "date": "2002-05-20T00:00:00", "db": "BID", "id": "4780" }, { "date": "2002-05-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200208-106" }, { "date": "2002-08-12T04:00:00", "db": "NVD", "id": "CVE-2002-0777" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-05T00:00:00", "db": "VULHUB", "id": "VHN-5168" }, { "date": "2002-05-20T00:00:00", "db": "BID", "id": "4780" }, { "date": "2005-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200208-106" }, { "date": "2024-11-20T23:39:50.893000", "db": "NVD", "id": "CVE-2002-0777" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200208-106" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server LDAP Remote buffer overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200208-106" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "4780" }, { "db": "CNNVD", "id": "CNNVD-200208-106" } ], "trust": 0.9 } }
var-200106-0149
Vulnerability from variot
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. (Only this first sentence describes the IMail issue tracked as CVE-2001-0494; the sentences that follow concern Lotus Domino and The Bat!, and appear to come from the separate CERT/CC notes that this aggregated entry also lists as sources.) The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers could cause Lotus Domino to consume all available system resources.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200106-0149", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "lotus", "version": null }, { "model": "imail", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": "6.06" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rit", "version": null }, { "model": 
"imail", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "6.06" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "lotus", "version": "5.0.6" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "lotus", "version": "5.0.5" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "lotus", "version": "5.0.4" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "lotus", "version": "5.0.3" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "lotus", "version": "5.0.2" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "lotus", "version": "5.0.1" }, { "model": "domino", "scope": "ne", "trust": 0.3, "vendor": "lotus", "version": "5.0.7" } ], "sources": [ { "db": "CERT/CC", "id": "VU#676552" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "BID", "id": "2565" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq by Peter Gr\u00fcndl \u003cpeter.grundl@defcom.com\u003e on April 11, 2001.", "sources": [ { "db": "BID", "id": "2565" } ], "trust": 0.3 }, "cve": "CVE-2001-0494", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-0494", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-3312", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-0494", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#676552", "trust": 0.8, "value": "10.50" }, { "author": "CARNEGIE MELLON", "id": "VU#601312", "trust": 0.8, "value": "9.98" }, { "author": "CARNEGIE MELLON", "id": "VU#555464", "trust": 0.8, "value": "4.25" }, { "author": "CARNEGIE MELLON", "id": "VU#310816", "trust": 0.8, "value": "1.62" }, { "author": "CNNVD", "id": "CNNVD-200106-136", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-3312", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#676552" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \nSubmitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources", "sources": [ { "db": "NVD", "id": "CVE-2001-0494" }, { "db": "CERT/CC", "id": "VU#676552" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "BID", "id": "2565" }, { "db": "VULHUB", "id": "VHN-3312" } ], "trust": 4.14 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "OSVDB", "id": "5610", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2001-0494", "trust": 1.7 }, { "db": "BID", "id": "2565", "trust": 1.1 }, { "db": "BID", "id": "2571", "trust": 0.8 }, { "db": "XF", "id": "6349", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#676552", "trust": 0.8 }, { "db": "XF", "id": "6347", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#601312", "trust": 0.8 }, { "db": "BID", "id": "2599", "trust": 0.8 }, { "db": "XF", "id": "6350", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#555464", "trust": 0.8 }, { "db": "XF", "id": "6423", "trust": 0.8 }, { "db": "BID", "id": "2636", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#310816", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200106-136", "trust": 0.7 }, { "db": "XF", "id": "6445", "trust": 
0.6 }, { "db": "BUGTRAQ", "id": "20010424 IPSWITCH IMAIL 6.06 SMTP REMOTE SYSTEM ACCESS VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-3312", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#676552" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "BID", "id": "2565" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "id": "VAR-200106-0149", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-3312" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T19:38:18.567000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0494" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/advisories/3208" }, { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" }, { "trust": 1.7, "url": "http://ipswitch.com/support/imail/news.html" }, { "trust": 1.7, "url": "http://www.osvdb.org/5610" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2571" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/6349.php" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2565" }, { "trust": 0.8, "url": 
"http://xforce.iss.net/static/6347.php" }, { "trust": 0.8, "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2599" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/6350.php" }, { "trust": 0.8, "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2636" }, { "trust": 0.8, "url": "http://www.ritlabs.com/the_bat/index.html" }, { "trust": 0.8, "url": "http://www.security.nnov.ru/search/news.asp?binid=1136" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/6423.php" }, { "trust": 0.6, "url": "http://xforce.iss.net/static/6445.php" }, { "trust": 0.3, "url": "http://www.lotus.com/home.nsf/welcome/domino" } ], "sources": [ { "db": "CERT/CC", "id": "VU#676552" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "BID", "id": "2565" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#676552" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "BID", "id": "2565" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-07-23T00:00:00", "db": "CERT/CC", "id": "VU#676552" }, { "date": "2001-07-12T00:00:00", "db": "CERT/CC", "id": "VU#601312" }, { "date": 
"2001-07-12T00:00:00", "db": "CERT/CC", "id": "VU#555464" }, { "date": "2001-06-01T00:00:00", "db": "CERT/CC", "id": "VU#310816" }, { "date": "2001-06-27T00:00:00", "db": "VULHUB", "id": "VHN-3312" }, { "date": "2001-04-11T00:00:00", "db": "BID", "id": "2565" }, { "date": "2001-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200106-136" }, { "date": "2001-06-27T04:00:00", "db": "NVD", "id": "CVE-2001-0494" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-07-26T00:00:00", "db": "CERT/CC", "id": "VU#676552" }, { "date": "2001-07-17T00:00:00", "db": "CERT/CC", "id": "VU#601312" }, { "date": "2001-07-17T00:00:00", "db": "CERT/CC", "id": "VU#555464" }, { "date": "2001-08-30T00:00:00", "db": "CERT/CC", "id": "VU#310816" }, { "date": "2017-10-10T00:00:00", "db": "VULHUB", "id": "VHN-3312" }, { "date": "2001-04-11T00:00:00", "db": "BID", "id": "2565" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200106-136" }, { "date": "2017-10-10T01:29:45.267000", "db": "NVD", "id": "CVE-2001-0494" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200106-136" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lotus Domino vulnerable to DoS via crafted unicode GET request", "sources": [ { "db": "CERT/CC", "id": "VU#676552" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200106-136" } ], "trust": 0.6 } }
var-200110-0111
Vulnerability from variot
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. A vulnerability exists in IMail which could enable an authenticated user to view the mailbox of another IMail user. This is accomplished using directory traversal techniques while logged into the server with a valid session ID. Remote attackers use the .
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0111", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-042" }, { "db": "NVD", "id": "CVE-2001-1285" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Posted to Bugtraq by Niels Heinen \u003czilli0n@gmx.net\u003e on Oct 12, 2001.", "sources": [ { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-042" } ], "trust": 0.9 }, "cve": "CVE-2001-1285", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2001-1285", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-4090", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": 
"2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1285", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200110-042", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-4090", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4090" }, { "db": "CNNVD", "id": "CNNVD-200110-042" }, { "db": "NVD", "id": "CVE-2001-1285" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. \nA vulnerability exists in IMail which could enable an authenticated user to view the mailbox of another IMail user. \nThis accomplished using directory traversal techniques while logged into the server with a valid session ID. 
Remote attackers use the .", "sources": [ { "db": "NVD", "id": "CVE-2001-1285" }, { "db": "BID", "id": "3432" }, { "db": "VULHUB", "id": "VHN-4090" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-1285", "trust": 2.0 }, { "db": "BID", "id": "3432", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-042", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4090", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4090" }, { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-042" }, { "db": "NVD", "id": "CVE-2001-1285" } ] }, "id": "VAR-200110-0111", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4090" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:17.588000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1285" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3432" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "trust": 2.7, "url": 
"http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4090" }, { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-042" }, { "db": "NVD", "id": "CVE-2001-1285" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4090" }, { "db": "BID", "id": "3432" }, { "db": "CNNVD", "id": "CNNVD-200110-042" }, { "db": "NVD", "id": "CVE-2001-1285" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4090" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3432" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-042" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1285" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4090" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3432" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-042" }, { "date": "2024-11-20T23:37:19.853000", "db": "NVD", "id": "CVE-2001-1285" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-042" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "pswitch Imail User Mailbox Disclosure Vulnerability", 
"sources": [ { "db": "CNNVD", "id": "CNNVD-200110-042" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-042" } ], "trust": 0.6 } }
var-199903-0001
Vulnerability from variot
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. The IMail IMonitor service can be crashed by exploiting a buffer overflow vulnerability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199903-0001", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "504" }, { "db": "CNNVD", "id": "CNNVD-199903-010" }, { "db": "NVD", "id": "CVE-1999-1046" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "eEye Advisory AD03011999 posted to bugtraq March 1, 1999 by Marc of eEye \u003cinfo@eEye.com\u003e.", "sources": [ { "db": "BID", "id": "504" }, { "db": "CNNVD", "id": "CNNVD-199903-010" } ], "trust": 0.9 }, "cve": "CVE-1999-1046", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-1999-1046", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-1027", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-1046", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", 
"id": "CNNVD-199903-010", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-1027", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1027" }, { "db": "CNNVD", "id": "CNNVD-199903-010" }, { "db": "NVD", "id": "CVE-1999-1046" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. The IMail IMonitor service can be crashed by exploiting a buffer overflow vulnerability", "sources": [ { "db": "NVD", "id": "CVE-1999-1046" }, { "db": "BID", "id": "504" }, { "db": "VULHUB", "id": "VHN-1027" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1027", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1027" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "504", "trust": 2.0 }, { "db": "NVD", "id": "CVE-1999-1046", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-199903-010", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "19990302 MULTIPLE IMAIL VULNERABILITES", "trust": 0.6 }, { "db": "XF", "id": "1897", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "19379", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-1027", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1027" }, { "db": "BID", "id": "504" }, { 
"db": "CNNVD", "id": "CNNVD-199903-010" }, { "db": "NVD", "id": "CVE-1999-1046" } ] }, "id": "VAR-199903-0001", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1027" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:00:48.228000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-1046" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/504" }, { "trust": 2.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "trust": 0.6, "url": "http://xforce.iss.net/static/1897.php" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=92038879607336\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1027" }, { "db": "CNNVD", "id": "CNNVD-199903-010" }, { "db": "NVD", "id": "CVE-1999-1046" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1027" }, { "db": "BID", "id": "504" }, { "db": "CNNVD", "id": "CNNVD-199903-010" }, { "db": "NVD", "id": "CVE-1999-1046" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-03-01T00:00:00", "db": "VULHUB", "id": "VHN-1027" }, { "date": "1999-03-01T00:00:00", "db": "BID", "id": "504" }, { "date": "1999-03-01T00:00:00", "db": "CNNVD", "id": "CNNVD-199903-010" }, { "date": "1999-03-01T05:00:00", "db": "NVD", "id": "CVE-1999-1046" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-19T00:00:00", "db": "VULHUB", "id": "VHN-1027" }, { "date": "2009-07-11T00:56:00", "db": "BID", "id": "504" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-199903-010" }, { "date": "2024-11-20T23:30:09.393000", "db": "NVD", "id": "CVE-1999-1046" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-010" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NT IMail IMonitor Buffer Overflow DoS Vulnerability", "sources": [ { "db": "BID", "id": "504" }, { "db": "CNNVD", "id": "CNNVD-199903-010" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-010" } ], "trust": 0.6 } }
var-201103-0090
Vulnerability from variot
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. This vulnerability is related to plaintext command injection attacks. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. The following vendors are affected: Ipswitch, Kerio, Postfix, Qmail-TLS, Oracle (note that the affected application is unknown), SCO Group, spamdyke, ISC. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Wietse Venema via US-CERT. ----------------------------------------------------------------------
SOLUTION: Apply fixes. ----------------------------------------------------------------------
TITLE: Kerio Connect "STARTTLS" Plaintext Injection Vulnerability
SECUNIA ADVISORY ID: SA43678
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43678/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43678
RELEASE DATE: 2011-03-12
DESCRIPTION: A vulnerability has been reported in Kerio Connect, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused by the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.
The vulnerability is reported in version 7.1.4 build 2985. Other versions may also be affected.
SOLUTION: Reportedly, the vendor will fix this in an upcoming version.
PROVIDED AND/OR DISCOVERED BY: Wietse Venema
ORIGINAL ADVISORY: US-CERT VU#555316: http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8D9M4P
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201103-0090", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", 
"scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "2006.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "lte", "trust": 1.8, "vendor": "ipswitch", "version": "11.03" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.22" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.01" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.11" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", 
"version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "11.02" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "10.02" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "2006.1" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "10.01" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "6.00" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "6.06" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "server_8.2_hotfix_2" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "10" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "11" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "*" }, { "model": "imail", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "8.12" }, { "model": "imail", "scope": 
"eq", "trust": 1.0, "vendor": "ipswitch", "version": "11.01" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cyrus imap", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ipswitch", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "kerio", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postfix", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "qmail tls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.3.1" }, { "model": "spamdyke", "scope": "ne", "trust": 0.3, "vendor": "spamdyke", "version": "4.2.1" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.7.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "imap server", "scope": "eq", "trust": 0.3, "vendor": "cyrus", "version": "2.4" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.5.4" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": 
"debian", "version": "5.0" }, { "model": "linux enterprise sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "groupware server 2.2-rc3", "scope": null, "trust": 0.3, "vendor": "kolab", "version": null }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.4.9" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.0.3" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.5.5" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.3.2" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "pure-ftpd", "scope": "ne", "trust": 0.3, "vendor": "pureftpd", "version": "1.0.30" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "mac os server", "scope": "eq", "trust": 
0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "20011115" }, { "model": "groupware server -rc2", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2.3" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java system messaging server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "mailserver patch", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.7.01" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.2.2" }, { "model": "mailserver", 
"scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.5" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20110" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.5.2" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.6.3" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.3" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.1.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "mailserver patch", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.6.23" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "linux enterprise sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "pure-ftpd", "scope": "eq", "trust": 0.3, "vendor": "pureftpd", "version": "1.0.29" }, { "model": "groupware server 2.1.beta3", "scope": null, "trust": 0.3, 
"vendor": "kolab", "version": null }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.0" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.3.3" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.4.1" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.3" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "groupware server", "scope": "ne", "trust": 0.3, "vendor": "kolab", "version": "2.3.2" }, { "model": "inn", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": "2.5.3" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.4.8" }, { "model": "spamdyke", "scope": "eq", "trust": 0.3, "vendor": "spamdyke", "version": "4.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "mailserver patch", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.1.31" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", 
"version": "5.2" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.4" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "1.1.13" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "19991231" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "imap server", "scope": "ne", "trust": 0.3, "vendor": "cyrus", "version": "2.4.7" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.7" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.6.1" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "connect build", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "7.1.42985" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2" }, { "model": "linux enterprise sp4", 
"scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.6.2" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.4.2" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.1" }, { "model": "groupware server 2.1beta2", "scope": null, "trust": 0.3, "vendor": "kolab", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.6-20080902" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux enterprise sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.2" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "scooffice server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "0" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.9" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.20" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", 
"trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.3.1" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.1.3" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "1.1.12" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.2.4" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "1.1.11" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "xcs", "scope": "eq", "trust": 0.3, "vendor": "watchguard", "version": "9.1" }, { "model": "netqmail", "scope": "eq", "trust": 0.3, "vendor": "qmail smtpd auth", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": 
"9.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.4.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "1.0.21" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.0" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.1" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2.4" }, { "model": "java system messaging server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "groupware server 2.2-rc1", "scope": null, "trust": 0.3, "vendor": "kolab", "version": null }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.10" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.6.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "message 
networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.8" }, { "model": "groupware server beta3", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "inn", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "2.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.10" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.6" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "20010228" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.6.4" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", 
"version": "2.0.2" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.1.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.151" }, { "model": "imap server", "scope": "eq", "trust": 0.3, "vendor": "cyrus", "version": "2.4.6" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.0.2" }, { "model": "starttls", "scope": "eq", "trust": 0.3, "vendor": "ietf", "version": "0" }, { "model": "mailserver build", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "6.6.17069" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20090" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "groupware server beta1", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.2" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.5" 
}, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "venema postfix patchlevel", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.5.44" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.0.1" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.4" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.7" }, { "model": "groupware server", "scope": "eq", "trust": 0.3, "vendor": "kolab", "version": "2.0.4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "2.2.10" }, { "model": "venema postfix", "scope": "eq", "trust": 0.3, "vendor": "wietse", "version": "19990906" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "mailserver", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "5.7.6" }, { "model": "xcs", "scope": "eq", "trust": 0.3, "vendor": "watchguard", "version": "9.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": 
"2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#555316" }, { "db": "BID", "id": "46767" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "CNNVD", "id": "CNNVD-201103-223" }, { "db": "NVD", "id": "CVE-2011-1430" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ipswitch:imail", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-004393" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "104917" }, { "db": "PACKETSTORM", "id": "101909" }, { "db": "PACKETSTORM", "id": "99104" }, { "db": "PACKETSTORM", "id": "99217" } ], "trust": 0.4 }, "cve": "CVE-2011-1430", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-1430", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-49375", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-1430", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#555316", "trust": 0.8, "value": "1.39" }, { "author": "NVD", "id": "CVE-2011-1430", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201103-223", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-49375", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#555316" }, { "db": "VULHUB", "id": "VHN-49375" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "CNNVD", "id": "CNNVD-201103-223" }, { "db": "NVD", "id": "CVE-2011-1430" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a 
similar issue to CVE-2011-0411. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. This vulnerability is related to plain text command injection attacks. \nAn attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. \nThe following vendors are affected:\nIpswitch\nKerio\nPostfix\nQmail-TLS\nOracle (note that the affected application is unknown)\nSCO Group\nspamdyke\nISC. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nWietse Venema via US-CERT. ----------------------------------------------------------------------\n\n\nAlerts when vulnerabilities pose a threat to your infrastructure\nThe enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies. \n\nSOLUTION:\nApply fixes. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. 
Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nKerio Connect \"STARTTLS\" Plaintext Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43678\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43678/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43678\n\nRELEASE DATE:\n2011-03-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43678/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43678/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43678\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Kerio Connect, which can be\nexploited by malicious people to manipulate certain data. \n\nThe vulnerability is caused due to the TLS implementation not\nproperly clearing transport layer buffers when upgrading from\nplaintext to ciphertext after receiving the \"STARTTLS\" command. This\ncan be exploited to insert arbitrary plaintext data (e.g. SMTP\ncommands) during the plaintext phase, which will then be executed\nafter upgrading to the TLS ciphertext phase. \n\nThe vulnerability is reported in version 7.1.4 build 2985. Other\nversions may also be affected. \n\nSOLUTION:\nReportedly, the vendor will fix this in an upcoming version. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nWietse Venema\n\nORIGINAL ADVISORY:\nUS-CERT VU#555316:\nhttp://www.kb.cert.org/vuls/id/555316\nhttp://www.kb.cert.org/vuls/id/MAPG-8D9M4P\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-1430" }, { "db": "CERT/CC", "id": "VU#555316" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "BID", "id": "46767" }, { "db": "VULHUB", "id": "VHN-49375" }, { "db": "PACKETSTORM", "id": "104917" }, { "db": "PACKETSTORM", "id": "101909" }, { "db": "PACKETSTORM", "id": "99104" }, { "db": "PACKETSTORM", "id": "99217" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#555316", "trust": 4.0 }, { "db": "NVD", "id": "CVE-2011-1430", "trust": 2.8 }, { "db": "BID", "id": "46767", "trust": 2.0 }, { "db": "SECUNIA", "id": "43676", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2011-0609", "trust": 1.7 }, { "db": "OSVDB", "id": "71020", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2011-004393", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201103-223", "trust": 0.7 }, { "db": "XF", "id": "65932", "trust": 0.6 }, { "db": "SECUNIA", "id": "45857", "trust": 0.2 }, { "db": "SECUNIA", "id": "44753", "trust": 0.2 }, { "db": "SECUNIA", "id": "43678", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-49375", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104917", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101909", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99104", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99217", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#555316" }, { "db": "VULHUB", "id": "VHN-49375" }, { "db": "BID", "id": "46767" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "PACKETSTORM", 
"id": "104917" }, { "db": "PACKETSTORM", "id": "101909" }, { "db": "PACKETSTORM", "id": "99104" }, { "db": "PACKETSTORM", "id": "99217" }, { "db": "CNNVD", "id": "CNNVD-201103-223" }, { "db": "NVD", "id": "CVE-2011-1430" } ] }, "id": "VAR-201103-0090", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-49375" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:31:12.588000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.ipswitch.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-004393" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-49375" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "NVD", "id": "CVE-2011-1430" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "http://www.kb.cert.org/vuls/id/555316" }, { "trust": 1.8, "url": "http://www.kb.cert.org/vuls/id/mapg-8dbrd4" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/46767" }, { "trust": 1.7, "url": "http://www.osvdb.org/71020" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43676" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2011/0609" }, { "trust": 1.1, "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc2595" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc3207" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc4642" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814" }, { "trust": 0.8, "url": "http://www.watchguard.com/archive/softwarecenter.asp" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1430" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1430" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/65932" }, { "trust": 0.4, "url": "http://www.kb.cert.org/vuls/id/mapg-8d9m4p" }, { "trust": 0.4, "url": "http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://kolab.org/pipermail/kolab-announce/2011/000101.html" }, { "trust": 0.3, "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424" }, { "trust": 0.3, "url": "http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7" }, { "trust": 0.3, "url": "https://www.isc.org/software/inn/2.5.3article" }, { "trust": 0.3, "url": "http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt" }, { "trust": 0.3, "url": "http://www.postfix.org/cve-2011-0411.html" }, { "trust": 0.3, "url": "http://www.pureftpd.org/project/pure-ftpd/news" }, { "trust": 0.3, "url": 
"http://www.spamdyke.org/documentation/changelog.txt" }, { "trust": 0.3, "url": "http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1" }, { "trust": 0.3, "url": "/archive/1/516901" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100134676" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100141041" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850478" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "trust": 0.3, "url": "http://inoa.net/qmail-tls/vu555316.patch" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/vim/section_179/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45857/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/blog/242" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45857" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45857/#comments" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/mapg-8d9m6a" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44753/" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/mapg-8d9m75" }, { "trust": 0.1, "url": "http://www.youtube.com/user/secunia#p/a/u/0/m1y9sjqr2sy" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44753" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44753/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43676/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43676/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43676" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43678/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43678/" }, { "trust": 0.1, "url": 
"https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43678" } ], "sources": [ { "db": "CERT/CC", "id": "VU#555316" }, { "db": "VULHUB", "id": "VHN-49375" }, { "db": "BID", "id": "46767" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "PACKETSTORM", "id": "104917" }, { "db": "PACKETSTORM", "id": "101909" }, { "db": "PACKETSTORM", "id": "99104" }, { "db": "PACKETSTORM", "id": "99217" }, { "db": "CNNVD", "id": "CNNVD-201103-223" }, { "db": "NVD", "id": "CVE-2011-1430" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#555316" }, { "db": "VULHUB", "id": "VHN-49375" }, { "db": "BID", "id": "46767" }, { "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "db": "PACKETSTORM", "id": "104917" }, { "db": "PACKETSTORM", "id": "101909" }, { "db": "PACKETSTORM", "id": "99104" }, { "db": "PACKETSTORM", "id": "99217" }, { "db": "CNNVD", "id": "CNNVD-201103-223" }, { "db": "NVD", "id": "CVE-2011-1430" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-07T00:00:00", "db": "CERT/CC", "id": "VU#555316" }, { "date": "2011-03-16T00:00:00", "db": "VULHUB", "id": "VHN-49375" }, { "date": "2011-03-07T00:00:00", "db": "BID", "id": "46767" }, { "date": "2012-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "date": "2011-09-08T08:14:47", "db": "PACKETSTORM", "id": "104917" }, { "date": "2011-06-01T04:21:33", "db": "PACKETSTORM", "id": "101909" }, { "date": "2011-03-09T06:30:49", "db": "PACKETSTORM", "id": "99104" }, { "date": "2011-03-14T11:35:55", "db": "PACKETSTORM", "id": "99217" }, { "date": "2011-03-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201103-223" }, { "date": "2011-03-16T22:55:04.747000", "db": "NVD", "id": "CVE-2011-1430" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", 
"data": { "@container": "@list" } }, "data": [ { "date": "2011-09-08T00:00:00", "db": "CERT/CC", "id": "VU#555316" }, { "date": "2017-08-17T00:00:00", "db": "VULHUB", "id": "VHN-49375" }, { "date": "2015-04-13T21:35:00", "db": "BID", "id": "46767" }, { "date": "2012-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-004393" }, { "date": "2011-03-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201103-223" }, { "date": "2024-11-21T01:26:17.720000", "db": "NVD", "id": "CVE-2011-1430" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201103-223" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "STARTTLS plaintext command injection vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#555316" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201103-223" } ], "trust": 0.6 } }
var-200011-0041
Vulnerability from variot
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. IPSwitch IMail is an e-mail server which provides WWW (HTTP) E-mail services. By default this web service resides on port 8181 or 8383. Repeatedly sending an HTTP request with an extremely long "HOST" field can cause the system hosting the service to become unresponsive. Each long request "kills" a thread without freeing up the memory used by it. By repeating this request, the system's resources can be used up completely. Ipswitch Imail 6.0 is vulnerable.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200011-0041", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.00" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "2011" }, { "db": "CNNVD", "id": "CNNVD-200011-049" 
}, { "db": "NVD", "id": "CVE-2000-0825" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability was revealed in an eEye advisory (#AD20000817) dated August 17, 2000.", "sources": [ { "db": "BID", "id": "2011" }, { "db": "CNNVD", "id": "CNNVD-200011-049" } ], "trust": 0.9 }, "cve": "CVE-2000-0825", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2000-0825", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-2395", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": 
"CVE-2000-0825", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200011-049", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-2395", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-2395" }, { "db": "CNNVD", "id": "CNNVD-200011-049" }, { "db": "NVD", "id": "CVE-2000-0825" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. IPSwitch IMail is an e-mail server which provides WWW (HTTP) E-mail services. By default this web service resides on port 8181 or 8383. Sending an HTTP request with an extremely long \"HOST\" field multiple times can cause the system hosting the service to become unresponsive. Each long request \"kills\" a thread without freeing up the memory used by it. By repeating this request, the system\u0027s resources can be used up completely. 
Ipswitch Imail 6.0 is vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2000-0825" }, { "db": "BID", "id": "2011" }, { "db": "VULHUB", "id": "VHN-2395" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "2011", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2000-0825", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200011-049", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2", "trust": 0.6 }, { "db": "XF", "id": "5475", "trust": 0.6 }, { "db": "NTBUGTRAQ", "id": "20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2", "trust": 0.6 }, { "db": "WIN2KSEC", "id": "20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-2395", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-2395" }, { "db": "BID", "id": "2011" }, { "db": "CNNVD", "id": "CNNVD-200011-049" }, { "db": "NVD", "id": "CVE-2000-0825" } ] }, "id": "VAR-200011-0041", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-2395" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:36:03.582000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2000-0825" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/2011" }, { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475" }, { "trust": 0.6, "url": "http://xforce.iss.net/static/5475.php" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "trust": 0.3, "url": "http://www.ipswitch.com/support/imail/patch-upgrades.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-2395" }, { "db": "BID", "id": "2011" }, { "db": "CNNVD", "id": "CNNVD-200011-049" }, { "db": "NVD", "id": "CVE-2000-0825" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-2395" }, { "db": "BID", "id": "2011" }, { "db": "CNNVD", "id": "CNNVD-200011-049" }, { "db": "NVD", "id": "CVE-2000-0825" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2000-11-14T00:00:00", "db": "VULHUB", "id": "VHN-2395" }, { "date": "2000-08-17T00:00:00", "db": "BID", "id": "2011" }, { "date": "2000-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200011-049" }, { "date": "2000-11-14T05:00:00", "db": "NVD", "id": "CVE-2000-0825" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-10-10T00:00:00", "db": "VULHUB", "id": "VHN-2395" }, { "date": "2000-08-17T00:00:00", "db": "BID", "id": 
"2011" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200011-049" }, { "date": "2017-10-10T01:29:19.077000", "db": "NVD", "id": "CVE-2000-0825" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200011-049" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Web service\" HOST Denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200011-049" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "2011" }, { "db": "CNNVD", "id": "CNNVD-200011-049" } ], "trust": 0.9 } }
var-200505-0076
Vulnerability from variot
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. The Ipswitch Collaboration Suite IMail IMAP service is reported prone to a buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on arguments that are passed to the EXAMINE command. It is conjectured that a remote authenticated attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service. Immediate consequences of a failed exploit attempt would be a denial of service due to the application crashing on an access violation. IMail Server versions 8.13 and earlier are reported prone to this vulnerability.
TITLE: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow
SECUNIA ADVISORY ID: SA14546
VERIFY ADVISORY: http://secunia.com/advisories/14546/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite (ICS) 1.x http://secunia.com/product/4773/ IMail Server 8.x http://secunia.com/product/3048/
DESCRIPTION: Nico Steinhardt has reported a vulnerability in Ipswitch Collaboration Suite, which can be exploited by malicious users to compromise a vulnerable system.
SOLUTION: Apply IMail Server 8.15 Hotfix 1: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe
PROVIDED AND/OR DISCOVERED BY: Nico Steinhardt
ORIGINAL ADVISORY: iDEFENSE: http://www.idefense.com/application/poi/display?id=216&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II. The EXAMINE command selects a mailbox so that messages within the mailbox may be accessed with read-only privileges. EXAMINE requests with malformed mailbox names of 259 bytes will overwrite the saved stack frame pointer, resulting in potential process execution control. It should be noted that IMAP will append a '/' character to your supplied mailbox name so the most significant byte of the frame pointer will be 0x2e. The output below shows successful control of the frame pointer.
(668.f8): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled.
eax=00000006 ebx=008943b0 ecx=42424242 edx=00c8fad4 esi=008943b0 edi=00000013 eip=0078626d esp=00c9fd20 ebp=2e434343 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 0078626d ?? ???
Frame pointer overwrites may allow attackers to redirect program flow when the current function returns. It should be noted that the IMAP EXAMINE command is only available after successful authentication.
III. The EXAMINE IMAP command is only valid after authentication has occurred; however, because IMAP servers typically serve a large user base, this requirement only slightly reduces exposure to the vulnerability.
IV. DETECTION
iDEFENSE has confirmed that the IMAP4 daemon (IMAP4d32.exe ver. IMail Server is now packaged as part of Ipswitch Collaboration Suite.
V. WORKAROUND
Use application level content filtering on overly long IMAP commands.
VI. VENDOR RESPONSE
This vulnerability is addressed in IMail Server 8.15 Hotfix 1 (February 3, 2005), which is available for download at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-0707 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
03/02/2005 Initial vendor notification 03/08/2005 Initial vendor response 03/10/2005 Public disclosure
IX. CREDIT
Nico Steinhardt is credited with this discovery.
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-0076", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "collaboration suite", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": "8.15" }, { "model": "collaboration suite", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "8.15" }, { "model": "collaboration suite", "scope": null, "trust": 
0.3, "vendor": "ipswitch", "version": null }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": 
"imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.151" } ], "sources": [ { "db": "BID", "id": "12780" }, { "db": "CNNVD", "id": "CNNVD-200505-692" }, { "db": "NVD", "id": "CVE-2005-0707" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nico Steinhardt iDEFENSE Security Advisory\u203b labs@idefense.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-692" } ], "trust": 0.6 }, "cve": "CVE-2005-0707", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2005-0707", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-11916", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-0707", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200505-692", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-11916", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-11916" }, { "db": "CNNVD", "id": "CNNVD-200505-692" }, { "db": "NVD", "id": "CVE-2005-0707" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. The Ipswitch Collaboration Suite IMail IMAP service is reported prone to a buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on arguments that are passed to the EXAMINE command. 
\nIt is conjectured that a remote authenticated attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service. Immediate consequences of a failed exploit attempt would be a denial of service due to the application crashing on an access violation. \nIMail Server version 8.13 an earlier are reported prone to this vulnerability. \n----------------------------------------------------------------------\n\nMonitor, Filter, and Manage Security Information\n- Filtering and Management of Secunia advisories\n- Overview, documentation, and detailed reports\n- Alerting via email and SMS\n\nRequest Trial:\nhttps://ca.secunia.com/?f=l\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch Collaboration Suite IMAP EXAMINE Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA14546\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/14546/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite (ICS) 1.x\nhttp://secunia.com/product/4773/\nIMail Server 8.x\nhttp://secunia.com/product/3048/\n\nDESCRIPTION:\nNico Steinhardt has reported a vulnerability in Ipswitch\nCollaboration Suite, which can be exploited by malicious users to\ncompromise a vulnerable system. \n\nSOLUTION:\nApply IMail Server 8.15 Hotfix 1:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nNico Steinhardt\n\nORIGINAL ADVISORY:\niDEFENSE:\nhttp://www.idefense.com/application/poi/display?id=216\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. The \nEXAMINE command selects a mailbox so that messages within the mailbox \nmay be accessed with read-only privileges. EXAMINE requests with \nmalformed mailbox names of 259 bytes will overwrite the saved stack \nframe pointer, resulting in potential process execution control. It \nshould be noted that IMAP will append a \u0027/\u0027 character to your supplied \nmailbox name so the most significant byte of the frame pointer will be \n0x2e. The output below shows successful control of the frame pointer. \n\n(668.f8): Access violation - code c0000005 (first chance)\nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \n\neax=00000006 ebx=008943b0 ecx=42424242\nedx=00c8fad4 esi=008943b0 edi=00000013\neip=0078626d esp=00c9fd20 ebp=2e434343\niopl=0 nv up ei pl zr na po nc\ncs=001b ss=0023 ds=0023 es=0023\nfs=0038 gs=0000 efl=00000246\n0078626d ?? 
???\n\nFrame pointer overwrites may allow attackers to redirect program flow \nwhen the current function returns. It should be noted that the IMAP \nEXAMINE command is only available after successful authentication. \n\nIII. The EXAMINE IMAP command is only \nvalid after authentication has occurred, however due to the nature of \nIMAP servers serving a large user base, this requirement only slightly \nreduces exposure to the vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed that the IMAP4 daemon (IMAP4d32.exe ver. \nIMail Server is now packaged as part of Ipswitch Collaboration Suite. \n \nV. WORKAROUND\n\nUse application level content filtering on overly long IMAP commands. \n\nVI. VENDOR RESPONSE\n\nThis vulnerability is addressed in IMail Server 8.15 Hotfix 1 (February\n3, 2005), which is available for download at:\n\n ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-0707 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n03/02/2005 Initial vendor notification\n03/08/2005 Initial vendor response\n03/10/2005 Public disclosure\n\nIX. CREDIT\n\nNico Steinhardt is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. 
\n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information", "sources": [ { "db": "NVD", "id": "CVE-2005-0707" }, { "db": "BID", "id": "12780" }, { "db": "VULHUB", "id": "VHN-11916" }, { "db": "PACKETSTORM", "id": "36576" }, { "db": "PACKETSTORM", "id": "36591" } ], "trust": 1.44 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-11916", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-11916" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-0707", "trust": 2.1 }, { "db": "BID", "id": "12780", "trust": 2.0 }, { "db": "SECUNIA", "id": "14546", "trust": 1.8 }, { "db": "SECTRACK", "id": "1013410", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200505-692", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20050310 IPSWITCH COLLABORATION SUITE IMAP EXAMINE BUFFER OVERFLOW VULNERABILITY", "trust": 0.6 }, { "db": "XF", "id": "19655", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "36591", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-11916", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "36576", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-11916" }, { "db": "BID", "id": 
"12780" }, { "db": "PACKETSTORM", "id": "36576" }, { "db": "PACKETSTORM", "id": "36591" }, { "db": "CNNVD", "id": "CNNVD-200505-692" }, { "db": "NVD", "id": "CVE-2005-0707" } ] }, "id": "VAR-200505-0076", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-11916" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:10:42.490000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-0707" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.idefense.com/application/poi/display?id=216\u0026type=vulnerabilities" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/12780" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1013410" }, { "trust": 1.7, "url": "http://secunia.com/advisories/14546" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19655" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/19655" }, { "trust": 0.3, "url": "/archive/1/392871" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=216\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3048/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/14546/" }, { "trust": 0.1, "url": "http://secunia.com/product/4773/" }, { "trust": 0.1, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?f=l" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0707" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://labs.idefense.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-11916" }, { "db": "BID", "id": "12780" }, { "db": "PACKETSTORM", "id": "36576" }, { "db": "PACKETSTORM", "id": "36591" }, { "db": "CNNVD", "id": "CNNVD-200505-692" }, { "db": "NVD", "id": "CVE-2005-0707" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-11916" }, { "db": "BID", "id": "12780" }, { "db": "PACKETSTORM", "id": "36576" }, { "db": "PACKETSTORM", "id": "36591" }, { "db": "CNNVD", "id": "CNNVD-200505-692" }, { "db": "NVD", "id": "CVE-2005-0707" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-05-02T00:00:00", "db": "VULHUB", "id": "VHN-11916" }, { "date": "2005-03-10T00:00:00", "db": "BID", "id": "12780" }, { "date": "2005-03-15T07:30:59", "db": "PACKETSTORM", "id": "36576" }, { "date": "2005-03-15T07:43:28", "db": "PACKETSTORM", "id": "36591" }, { "date": "2005-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-692" }, { "date": "2005-05-02T04:00:00", "db": "NVD", "id": "CVE-2005-0707" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-11T00:00:00", "db": "VULHUB", "id": "VHN-11916" }, { "date": "2009-07-12T10:56:00", 
"db": "BID", "id": "12780" }, { "date": "2006-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-692" }, { "date": "2024-11-20T23:55:44.593000", "db": "NVD", "id": "CVE-2005-0707" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-692" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch Collaboration Suite IMAP EXAMINE Command buffer overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-692" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-692" } ], "trust": 0.6 } }
var-201002-0312
Vulnerability from variot
Ipswitch IMail Server is a mail server bundled in the Ipswitch collaboration component. By default, IMail allows the Internet Guest account to access the following registry keys and their subkeys and values with Full Control privileges: HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail. In addition, the password decryption algorithm implemented in IMail's IMailsec.dll library is reversible. Local users can find the Password string under HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\[domain name]\Users and then crack the encrypted password. Ipswitch IMail Server is prone to multiple local privilege-escalation vulnerabilities. Local attackers may exploit these issues to gain elevated privileges, which may lead to a complete compromise of an affected computer. IMail Server 11.01 is affected; other versions may also be vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201002-0312", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "11.01" }, { "model": "imail server", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "11.01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" }, { "db": "BID", "id": 
"38109" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "sinn3r", "sources": [ { "db": "BID", "id": "38109" } ], "trust": 0.3 }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server is a mail server bundled in the Ipswitch collaboration component. By default, IMail allows the Internet Guest account to access the following registry keys and their subkeys and values with Full Control privileges: HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Ipswitch\\\\IMail. In addition, the password decryption algorithm implemented in IMail\u0027s IMailsec.dll library is reversible. Local users can find the Password string under HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Ipswitch\\\\IMail\\\\Domains\\\\[domain name]\\\\Users and then crack the encrypted password. Ipswitch IMail Server is prone to multiple local privilege-escalation vulnerabilities. \nLocal attackers may exploit these issues to gain elevated privileges, which may lead to a complete compromise of an affected computer. 
\nIMail Server 11.01 is affected; other versions may also be vulnerable", "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" }, { "db": "BID", "id": "38109" } ], "trust": 0.81 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "38109", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2010-0213", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" }, { "db": "BID", "id": "38109" } ] }, "id": "VAR-201002-0312", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" } ] }, "last_update_date": "2022-05-17T01:53:42.287000Z", "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.6, "url": "http://marc.info/?l=full-disclosure" }, { "trust": 0.3, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0076.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" }, { "db": "BID", "id": "38109" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { 
"@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-0213" }, { "db": "BID", "id": "38109" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-02-05T00:00:00", "db": "CNVD", "id": "CNVD-2010-0213" }, { "date": "2010-02-04T00:00:00", "db": "BID", "id": "38109" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-02-05T00:00:00", "db": "CNVD", "id": "CNVD-2010-0213" }, { "date": "2010-02-04T00:00:00", "db": "BID", "id": "38109" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "38109" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Local Privilege Escalation Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2010-0213" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "38109" } ], "trust": 0.3 } }
var-199901-0009
Vulnerability from variot
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. Progress Software IPswitch IMail is an email server of Progress Software Company in the United States. A security vulnerability exists in Progress Software IPswitch IMail
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199901-0009", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" }, { "model": "ws ftp server", "scope": "eq", "trust": 1.0, "vendor": "progress", "version": "1.0.2.e" }, { "model": "ws ftp server", "scope": "eq", "trust": 1.0, "vendor": 
"progress", "version": "1.0.1.e" }, { "model": "ws ftp server", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "1.0.2.e" }, { "model": "ws ftp server", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "1.0.1.e" }, { "model": "ws ftp server eval", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "1.0.2" }, { "model": "ws ftp server eval", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "1.0.1" } ], "sources": [ { "db": "BID", "id": "218" }, { "db": "CNNVD", "id": "CNNVD-199901-025" }, { "db": "NVD", "id": "CVE-1999-1170" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marc", "sources": [ { "db": "CNNVD", "id": "CNNVD-199901-025" } ], "trust": 0.6 }, "cve": "CVE-1999-1170", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-1999-1170", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", 
"accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-1151", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-1170", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-199901-025", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-1151", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1151" }, { "db": "CNNVD", "id": "CNNVD-199901-025" }, { "db": "NVD", "id": "CVE-1999-1170" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. Progress Software IPswitch IMail is an email server of Progress Software Company in the United States. 
A security vulnerability exists in Progress Software IPswitch IMail", "sources": [ { "db": "NVD", "id": "CVE-1999-1170" }, { "db": "BID", "id": "218" }, { "db": "VULHUB", "id": "VHN-1151" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1151", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1151" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-1999-1170", "trust": 2.0 }, { "db": "BID", "id": "218", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-199901-025", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "19167", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-1151", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1151" }, { "db": "BID", "id": "218" }, { "db": "CNNVD", "id": "CNNVD-199901-025" }, { "db": "NVD", "id": "CVE-1999-1170" } ] }, "id": "VAR-199901-0009", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1151" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:11:45.638000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Progress Software IPswitch IMail Security vulnerabilities", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106535" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-199901-025" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-1170" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/218" }, { "trust": 2.6, "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=ntbugtraq\u0026amp;m=91816507920544\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1151" }, { "db": "CNNVD", "id": "CNNVD-199901-025" }, { "db": "NVD", "id": "CVE-1999-1170" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1151" }, { "db": "BID", "id": "218" }, { "db": "CNNVD", "id": "CNNVD-199901-025" }, { "db": "NVD", "id": "CVE-1999-1170" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-01-02T00:00:00", "db": "VULHUB", "id": "VHN-1151" }, { "date": "1999-02-04T00:00:00", "db": "BID", "id": "218" }, { "date": "1999-01-02T00:00:00", "db": "CNNVD", "id": "CNNVD-199901-025" }, { "date": "1999-01-02T05:00:00", "db": "NVD", "id": "CVE-1999-1170" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": 
"VHN-1151" }, { "date": "2009-07-11T00:16:00", "db": "BID", "id": "218" }, { "date": "2020-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-199901-025" }, { "date": "2024-11-20T23:30:28.647000", "db": "NVD", "id": "CVE-1999-1170" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-199901-025" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Progress Software IPswitch IMail Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-199901-025" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-199901-025" } ], "trust": 0.6 } }
var-200505-1218
Vulnerability from variot
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtain potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP SELECT Command DoS Vulnerability
iDEFENSE Security Advisory 05.24.05
www.idefense.com/application/poi/display?id=241&type=vulnerabilities
May 24, 2005
I. BACKGROUND
Ipswitch IMail server is a Windows based messaging solution with a customer base of over 53 million users. More information about the application is available at:
http://www.ipswitch.com/products/IMail_Server/index.html.
II. DESCRIPTION
The problem specifically exists in the handling of long arguments to the SELECT command. When a string approximately 260 bytes in size is supplied a stack-based buffer overflow occurs that results in an unhandled access violation forcing the daemon to exit. The issue is not believed to be further exploitable.
III. ANALYSIS
Successful exploitation allows remote attackers to crash vulnerable IMAP servers and thereby prevent legitimate usage. The SELECT command is only available post authentication and therefore valid credentials are required to exploit this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in the latest version of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed as vulnerable. It is suspected that earlier versions are vulnerable as well.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1254 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/15/2005 Initial vendor notification
05/10/2005 Initial vendor response
05/24/2005 Coordinated public disclosure
IX. CREDIT
Sebastian Apelt is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1218", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "8.12" }, { "model": "imail", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": 
"server_8.2_hotfix_2" }, { "model": "imail", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "server_8.2_hotfix_2" }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.151" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": 
"imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "db": "NVD", "id": "CVE-2005-1254" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1195" } ], "trust": 0.6 }, "cve": "CVE-2005-1254", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2005-1254", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-12463", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-1254", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200505-1195", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-12463", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-12463" }, { "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "db": "NVD", "id": "CVE-2005-1254" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. Ipswitch IMail is prone to multiple remote vulnerabilities. 
Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP SELECT Command DoS Vulnerability\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch IMail server is a Windows based messaging solution with a\ncustomer base of over 53 million users. More information about the\napplication is available at:\n\n http://www.ipswitch.com/products/IMail_Server/index.html. \n\nII. \n\nThe problem specifically exists in the handling of long arguments to the\nSELECT command. When a string approximately 260 bytes in size is\nsupplied a stack-based buffer overflow occurs that results in an\nunhandled access violation forcing the daemon to exit. The issue is not\nbelieved to be further exploitable. \n\nIII. ANALYSIS\n\nSuccessful exploitation allows remote to crash vulnerable IMAP servers\nand thereby prevent legitimate usage. The SELECT command is only\navailable post authentication and therefore valid credentials are\nrequired to exploit this vulnerability\n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in the latest\nversion of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed\nas vulnerable. It is suspected that earlier versions are vulnerable as\nwell. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\n\nthat only trusted users have accounts can mitigate the risk somwhat. As \na more effective workaround, consider limiting access to the IMAP server\n\nby filtering TCP port 143. 
If possible, consider disabling IMAP and \nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1254 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/15/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Coordinated public disclosure\n\nIX. CREDIT\n\nSebastian Apelt is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n_______________________________________________\nFull-Disclosure - We believe in it. 
\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2005-1254" }, { "db": "BID", "id": "13727" }, { "db": "VULHUB", "id": "VHN-12463" }, { "db": "PACKETSTORM", "id": "39314" } ], "trust": 1.35 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-12463", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12463" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-1254", "trust": 2.1 }, { "db": "BID", "id": "13727", "trust": 2.0 }, { "db": "SECTRACK", "id": "1014047", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200505-1195", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20050524 IPSWITCH IMAIL IMAP SELECT COMMAND DOS VULNERABILITY", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "39314", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-12463", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-12463" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39314" }, { "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "db": "NVD", "id": "CVE-2005-1254" } ] }, "id": "VAR-200505-1218", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-12463" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:50:01.398000Z", "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-1254" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/13727" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1014047" }, { "trust": 1.7, "url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "/archive/1/400543" }, { "trust": 0.3, "url": "/archive/1/400542" }, { "trust": 0.3, "url": "/archive/1/400546" }, { "trust": 0.3, "url": "/archive/1/400541" }, { "trust": 0.3, "url": "/archive/1/400545" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=241\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1254" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/imail_server/index.html." 
}, { "trust": 0.1, "url": "http://labs.idefense.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12463" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39314" }, { "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "db": "NVD", "id": "CVE-2005-1254" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-12463" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39314" }, { "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "db": "NVD", "id": "CVE-2005-1254" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-05-25T00:00:00", "db": "VULHUB", "id": "VHN-12463" }, { "date": "2005-05-24T00:00:00", "db": "BID", "id": "13727" }, { "date": "2005-08-14T20:34:55", "db": "PACKETSTORM", "id": "39314" }, { "date": "2005-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "date": "2005-05-25T04:00:00", "db": "NVD", "id": "CVE-2005-1254" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-11-15T00:00:00", "db": "VULHUB", "id": "VHN-12463" }, { "date": "2007-04-03T03:12:00", "db": "BID", "id": "13727" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1195" }, { "date": "2024-11-20T23:56:56.617000", "db": "NVD", "id": "CVE-2005-1254" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "39314" }, { "db": "CNNVD", "id": "CNNVD-200505-1195" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1195" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1195" } ], "trust": 0.6 } }
var-200110-0110
Vulnerability from variot
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. If an attacker can anticipate a currently valid session ID, they can access webmail accounts without possessing a valid username/password. Session IDs are generated using alphanumeric characters, and a number of the characters are static, which leaves fewer characters that actually vary between sessions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0110", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" }, { "db": "NVD", "id": "CVE-2001-1284" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq by Niels Heinen \u003czilli0n@gmx.net\u003e on Oct 12, 2001.", "sources": [ { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" } ], "trust": 0.9 }, "cve": "CVE-2001-1284", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1284", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4089", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1284", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200110-041", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-4089", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4089" }, { "db": "CNNVD", "id": "CNNVD-200110-041" }, { "db": "NVD", "id": "CVE-2001-1284" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. If the attacker can anticipate a current valid session ID then they will be able to access webmail accounts without possessing a valid username/password. \nSession IDs are generated using alphanumeric characters. 
A number of the characters are static", "sources": [ { "db": "NVD", "id": "CVE-2001-1284" }, { "db": "BID", "id": "3428" }, { "db": "VULHUB", "id": "VHN-4089" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "3428", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2001-1284", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-041", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4089", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4089" }, { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" }, { "db": "NVD", "id": "CVE-2001-1284" } ] }, "id": "VAR-200110-0110", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4089" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:17.515000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1284" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3428" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "trust": 2.7, "url": 
"http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4089" }, { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" }, { "db": "NVD", "id": "CVE-2001-1284" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4089" }, { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" }, { "db": "NVD", "id": "CVE-2001-1284" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4089" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3428" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-041" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1284" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4089" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3428" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-041" }, { "date": "2024-11-20T23:37:19.720000", "db": "NVD", "id": "CVE-2001-1284" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-041" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Predictable Session ID 
Vulnerability", "sources": [ { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "3428" }, { "db": "CNNVD", "id": "CNNVD-200110-041" } ], "trust": 0.9 } }
var-200110-0113
Vulnerability from variot
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. Due to improper bounds checking, the Web Calendaring feature of IMail could allow the execution of arbitrary code with the privileges of SYSTEM. This is achievable by submitting a specially crafted GET request. Ipswitch IMail 7.04 and earlier versions have a buffer overflow vulnerability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0113", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3431" }, { "db": "CNNVD", "id": "CNNVD-200110-043" }, { "db": "NVD", "id": "CVE-2001-1287" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq in a Defcom Labs Advisory def-2001-29 on Oct 12, 2001.", "sources": [ { "db": "BID", "id": "3431" }, { "db": "CNNVD", "id": "CNNVD-200110-043" } ], "trust": 0.9 }, "cve": "CVE-2001-1287", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1287", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4092", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1287", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200110-043", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-4092", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4092" }, { "db": "CNNVD", "id": "CNNVD-200110-043" }, { "db": "NVD", "id": "CVE-2001-1287" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. \nDue to improper bounds checking, the Web Calendaring feature of IMail could allow the execution of arbitrary code with the privileges of SYSTEM. This is achieveable by submitting a specially crafted GET request. 
Ipswitch IMail 7.04 and earlier versions have a buffer overflow vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2001-1287" }, { "db": "BID", "id": "3431" }, { "db": "VULHUB", "id": "VHN-4092" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-4092", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4092" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "3431", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2001-1287", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-043", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011012 DEF-2001-29", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "22458", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-76260", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-4092", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4092" }, { "db": "BID", "id": "3431" }, { "db": "CNNVD", "id": "CNNVD-200110-043" }, { "db": "NVD", "id": "CVE-2001-1287" } ] }, "id": "VAR-200110-0113", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4092" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:59:29.857000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": 
"NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1287" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3431" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" }, { "trust": 2.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4092" }, { "db": "BID", "id": "3431" }, { "db": "CNNVD", "id": "CNNVD-200110-043" }, { "db": "NVD", "id": "CVE-2001-1287" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4092" }, { "db": "BID", "id": "3431" }, { "db": "CNNVD", "id": "CNNVD-200110-043" }, { "db": "NVD", "id": "CVE-2001-1287" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4092" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3431" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-043" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1287" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4092" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3431" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-043" }, { "date": "2024-11-20T23:37:20.147000", "db": "NVD", "id": "CVE-2001-1287" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-043" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Web Calender Buffer Overflow Vulnerability", "sources": [ { "db": "BID", "id": "3431" }, { "db": "CNNVD", "id": "CNNVD-200110-043" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-043" } ], "trust": 0.6 } }
var-200411-0057
Vulnerability from variot
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. An unspecified vulnerability exists in Ipswitch IMail from Ipswitch, Inc. The Ipswitch LDAP daemon has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists due to a lack of sufficient boundary checks performed on user-supplied LDAP tags. When attacker-supplied data containing large LDAP tags is processed by the affected service, a stack-based buffer overflow condition will be triggered. A remote attacker may exploit this condition to execute arbitrary instructions in the security context of the affected service. Ipswitch IMail Server is a web-based mail solution. The Ipswitch LDAP daemon does not adequately check user-supplied LDAP tags. An LDAP message is composed of tags, each with a length and content. For example, the tag 0x02 0x03 0x0A 0x25 0xBD represents the integer 665021 (0xA25BD). If the tag length supplied by the attacker is too large, the program copies the user-supplied data according to that length when it processes the message. Because bounds checks are insufficient, this can overwrite memory on the stack at the following instruction: .text:00401188 mov byte ptr [ebp+ecx+var_4], dl. Carefully crafted data may then be executed as arbitrary instructions with the privileges of the LDAP daemon process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0057", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 2.7, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 2.7, "vendor": "ipswitch", "version": "8.0.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ipswitch", "version": null 
}, { "model": "imail", "scope": "eq", "trust": 0.8, "vendor": "ipswitch", "version": null }, { "model": "imail", "scope": null, "trust": 0.8, "vendor": "ipswitch", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#972334" }, { "db": "BID", "id": "9682" }, { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "CNNVD", "id": "CNNVD-200411-149" }, { "db": "NVD", "id": "CVE-2004-0297" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "iDEFENSE Labs\u203b labs@idefense.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-149" } ], "trust": 0.6 }, "cve": "CVE-2004-0297", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2004-0297", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, 
"confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-8727", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-0297", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#972334", "trust": 0.8, "value": "38.48" }, { "author": "NVD", "id": "CVE-2004-0297", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200411-149", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-8727", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#972334" }, { "db": "VULHUB", "id": "VHN-8727" }, { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "CNNVD", "id": "CNNVD-200411-149" }, { "db": "NVD", "id": "CVE-2004-0297" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. Ipswitch, Inc. of Ipswitch Imail Exists in unspecified vulnerabilities.None. The Ipswitch LDAP daemon has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists due to a lack of sufficient boundary checks performed on user supplied LDAP tags. When attacker-supplied data containing large LDAP tags is processed by the affected service, a stack based buffer overflow condition will be triggered. A remote attacker may exploit this condition to execute arbitrary instructions in the security context of the affected service. Ipswitch IMail server is a WEB-based mail solution. 
The Ipswitch LDAP daemon does not adequately check user-supplied LDAP tokens. The LDAP message is composed of the length and content of the tag. The following tags 0x02 0x03 0x0A 0x25 0xBD represent integers 665, 501 (0xA25BD). If the length tag provided by the attacker is too long, the data provided by the user will be copied according to the tag length when the program is processed. Lack of sufficient bounds checks, may overwrite the memory address in the stack due to the following assembly specification: .text: 00401188 mov byte ptr [ebp+ecx+var_4], dl Carefully submitted copy data may be executed on the system with LDAP daemon process privileges Arbitrary instructions", "sources": [ { "db": "NVD", "id": "CVE-2004-0297" }, { "db": "CERT/CC", "id": "VU#972334" }, { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "BID", "id": "9682" }, { "db": "VULHUB", "id": "VHN-8727" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-8727", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-8727" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#972334", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2004-0297", "trust": 3.3 }, { "db": "BID", "id": "9682", "trust": 2.8 }, { "db": "OSVDB", "id": "3984", "trust": 1.7 }, { "db": "SECUNIA", "id": "10880", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2004-000790", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200411-149", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20040217 IPSWITCH IMAIL LDAP DAEMON REMOTE BUFFER 
OVERFLOW", "trust": 0.6 }, { "db": "XF", "id": "15243", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-71326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83017", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "157", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "16824", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-8727", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#972334" }, { "db": "VULHUB", "id": "VHN-8727" }, { "db": "BID", "id": "9682" }, { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "CNNVD", "id": "CNNVD-200411-149" }, { "db": "NVD", "id": "CVE-2004-0297" } ] }, "id": "VAR-200411-0057", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-8727" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:29:27.650000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "NVD", "id": "CVE-2004-0297" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/9682" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/972334" }, { "trust": 2.5, "url": "http://www.idefense.com/application/poi/display?id=74" }, { "trust": 1.9, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243" }, { "trust": 1.7, "url": 
"http://www.ipswitch.com/support/imail/releases/imail_professional/im805hf2.html" }, { "trust": 1.7, "url": "http://www.osvdb.org/3984" }, { "trust": 0.8, "url": "http://www.idefense.com/application/poi/display?id=74\u0026type=vulnerabilities" }, { "trust": 0.8, "url": "http://secunia.com/advisories/10880/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0297" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/15243" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "/archive/1/354237" } ], "sources": [ { "db": "CERT/CC", "id": "VU#972334" }, { "db": "VULHUB", "id": "VHN-8727" }, { "db": "BID", "id": "9682" }, { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "CNNVD", "id": "CNNVD-200411-149" }, { "db": "NVD", "id": "CVE-2004-0297" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#972334" }, { "db": "VULHUB", "id": "VHN-8727" }, { "db": "BID", "id": "9682" }, { "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "db": "CNNVD", "id": "CNNVD-200411-149" }, { "db": "NVD", "id": "CVE-2004-0297" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-02-23T00:00:00", "db": "CERT/CC", "id": "VU#972334" }, { "date": "2004-11-23T00:00:00", "db": "VULHUB", "id": "VHN-8727" }, { "date": "2004-02-17T00:00:00", "db": "BID", "id": "9682" }, { "date": "2024-05-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "date": "2004-02-17T00:00:00", "db": "CNNVD", "id": "CNNVD-200411-149" }, { "date": "2004-11-23T05:00:00", "db": "NVD", "id": "CVE-2004-0297" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-03-19T00:00:00", "db": "CERT/CC", "id": 
"VU#972334" }, { "date": "2017-10-10T00:00:00", "db": "VULHUB", "id": "VHN-8727" }, { "date": "2004-02-17T00:00:00", "db": "BID", "id": "9682" }, { "date": "2024-05-31T10:31:00", "db": "JVNDB", "id": "JVNDB-2004-000790" }, { "date": "2005-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200411-149" }, { "date": "2017-10-10T01:30:19.640000", "db": "NVD", "id": "CVE-2004-0297" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-149" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail Server LDAP daemon buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#972334" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-149" } ], "trust": 0.6 } }
var-200110-0106
Vulnerability from variot
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. An issue exists in Ipswitch IMail server that could allow an unauthorized user to learn a legitimate username and then brute-force its password.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0106", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"6.0.2" } ], "sources": [ { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" }, { "db": "NVD", "id": "CVE-2001-1280" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and posted to Bugtraq by Arne Vidstrom \u003carne.vidstrom@ntsecurity.nu\u003e on Oct 11, 2001.", "sources": [ { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" } ], "trust": 0.9 }, "cve": "CVE-2001-1280", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1280", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4085", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1280", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200110-047", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-4085", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4085" }, { "db": "CNNVD", "id": "CNNVD-200110-047" }, { "db": "NVD", "id": "CVE-2001-1280" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. 
\nAn issue exists in Ipswitch IMail server, which could allow an unauthorized user to gain knowledge of a legitimate username and brute force the password", "sources": [ { "db": "NVD", "id": "CVE-2001-1280" }, { "db": "BID", "id": "3424" }, { "db": "VULHUB", "id": "VHN-4085" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "3424", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2001-1280", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200110-047", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20011011 VULNERABILITIES IN IPSWITCH IMAIL SERVER 7.04", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4085", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4085" }, { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" }, { "db": "NVD", "id": "CVE-2001-1280" } ] }, "id": "VAR-200110-0106", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4085" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:05:57.559000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1280" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3424" }, { "trust": 2.7, 
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "trust": 2.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.3, "url": "http://ipswitch.com/support/imail/patch-upgrades.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4085" }, { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" }, { "db": "NVD", "id": "CVE-2001-1280" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4085" }, { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" }, { "db": "NVD", "id": "CVE-2001-1280" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-10-12T00:00:00", "db": "VULHUB", "id": "VHN-4085" }, { "date": "2001-10-12T00:00:00", "db": "BID", "id": "3424" }, { "date": "2001-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-047" }, { "date": "2001-10-12T04:00:00", "db": "NVD", "id": "CVE-2001-1280" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-4085" }, { "date": "2009-07-11T09:06:00", "db": "BID", "id": "3424" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200110-047" }, { "date": "2024-11-20T23:37:19.157000", "db": "NVD", "id": "CVE-2001-1280" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200110-047" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Account Information Brute Force Vulnerability", "sources": [ { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "3424" }, { "db": "CNNVD", "id": "CNNVD-200110-047" } ], "trust": 0.9 } }
var-200001-0034
Vulnerability from variot
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is used to determine which services are currently running and create a web page to report this information. Multiple simultaneous requests for status.cgi will cause the software to crash, with a Dr. Watson error of "Invalid Memory Address". There is a vulnerability in the IMail IMONITOR status.cgi CGI script.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200001-0034", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"5.0.8" } ], "sources": [ { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" }, { "db": "NVD", "id": "CVE-2000-0056" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered and publicized by USSR Labs on January 5, 1999", "sources": [ { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" } ], "trust": 0.9 }, "cve": "CVE-2000-0056", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2000-0056", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-1635", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": 
[], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2000-0056", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200001-019", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-1635", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1635" }, { "db": "CNNVD", "id": "CNNVD-200001-019" }, { "db": "NVD", "id": "CVE-2000-0056" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is used to determine which services are currently running and create a web pafge to report this information. Multiple simultaneous requests for status.cgi will cause the software to crash, with a Dr. Watson error of \"Invalid Memory Address\". 
There is a vulnerability in the IMail IMONITOR status.cgi CGI script", "sources": [ { "db": "NVD", "id": "CVE-2000-0056" }, { "db": "BID", "id": "914" }, { "db": "VULHUB", "id": "VHN-1635" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-1635", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1635" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "914", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2000-0056", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200001-019", "trust": 0.7 }, { "db": "SEEBUG", "id": "SSVID-73627", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "19711", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-1635", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1635" }, { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" }, { "db": "NVD", "id": "CVE-2000-0056" } ] }, "id": "VAR-200001-0034", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1635" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:08:33.503000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2000-0056" } ] 
}, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/914" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.1, "url": "" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1635" }, { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" }, { "db": "NVD", "id": "CVE-2000-0056" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1635" }, { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" }, { "db": "NVD", "id": "CVE-2000-0056" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2000-01-05T00:00:00", "db": "VULHUB", "id": "VHN-1635" }, { "date": "2000-01-05T00:00:00", "db": "BID", "id": "914" }, { "date": "2000-01-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200001-019" }, { "date": "2000-01-05T05:00:00", "db": "NVD", "id": "CVE-2000-0056" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": "VULHUB", "id": "VHN-1635" }, { "date": "2000-01-05T00:00:00", "db": "BID", "id": "914" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200001-019" }, { "date": "2024-11-20T23:31:37.467000", "db": "NVD", "id": "CVE-2000-0056" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200001-019" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail IMonitor status.cgi DoS Vulnerability", "sources": [ { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "914" }, { "db": "CNNVD", "id": "CNNVD-200001-019" } ], "trust": 0.9 } }
var-200512-0016
Vulnerability from variot
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in a format-specifier argument to a formatted printing function. This issue allows remote attackers to execute arbitrary machine code in the context of the affected application.
TITLE: Ipswitch IMail Server IMAP and SMTP Service Two Vulnerabilities
SECUNIA ADVISORY ID: SA17863
VERIFY ADVISORY: http://secunia.com/advisories/17863/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite (ICS) 2.x http://secunia.com/product/5167/ IMail Server 8.x http://secunia.com/product/3048/
DESCRIPTION: Two vulnerabilities have been reported in IMail Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system.
1) (Item 1 is missing from this copy of the advisory; judging by the advisory title and the summary above, it is the format string vulnerability in the SMTP service.)
2) An error exists in the IMAP4D32 service when handling user-supplied arguments passed to the IMAP LIST command. A logged-on (authenticated) user can exploit this by supplying an argument of approximately 8000 bytes to the command, which causes a memory dereferencing error that crashes the IMAP service.
The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected.
SOLUTION: Update to the fixed versions.
IMail Server 8.20: Update to version 8.22. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt
ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
I. BACKGROUND
Ipswitch Collaboration Suite provides e-mail and real-time collaboration, calendar and contact list sharing, and protection from spam and viruses, all delivered in an easy to use suite.
http://www.ipswitch.com/products/collaboration/index.asp
II. All of the commands are handled by the same function which parses user-supplied input strings. The following debugger session shows a backtrace with user-supplied strings as values. With properly constructed input value, the strings would be interpreted as memory addresses that would be executed upon returning from the current function.
[..] 00A7F370 006020A0 00A7F374 00A7F634 ASCII 5B,"192.168.242.1] MAIL FROM:C:\apps\Ipswitch\Collaboration Suite\IMail\spool\T94e8013e00000005" 00A7F378 00000000 00A7F37C 00000000 00A7F380 7C34FC0B RETURN to MSVCR71.7C34FC0B from MSVCR71.write_char 00A7F384 00602048 00A7F388 00A7F648 ASCII 20,"FROM:C:\apps\Ipswitch\Collaborat" [..]
III. Ipswitch mail services are commonly configured to allow untrusted access. The use of a firewall or other mitigating strategy is highly recommended due to the nature of this vulnerability. The IMail SMTP server is installed by default.
IV.
V. WORKAROUND
iDEFENSE is currently unaware of any effective workarounds for this issue. Access to the affected host should be filtered at the network boundary if global accessibility is not required. Restricting access to only trusted hosts and networks may reduce the likelihood of exploitation.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2931 to this issue (recorded in the entry on this page as CVE-2005-2931). This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification
09/13/2005 Initial vendor response
10/06/2005 Coordinated public disclosure
IX. CREDIT
iDEFENSE credits Nico with the discovery of this vulnerability.
X. LEGAL NOTICES
Copyright © 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0016", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "collaboration suite", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "2.01" }, { "model": "collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2.0" }, { "model": "imail server", "scope": "eq", "trust": 1.6, 
"vendor": "ipswitch", "version": "8.20" }, { "model": "collaboration suite", "scope": null, "trust": 0.3, "vendor": "ipswitch", "version": null }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.20" }, { "model": "collaboration suite", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2.02" }, { "model": "imail", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "15752" }, { "db": "CNNVD", "id": "CNNVD-200512-115" }, { "db": "NVD", "id": "CVE-2005-2931" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nico", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-115" } ], "trust": 0.6 }, "cve": "CVE-2005-2931", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2005-2931", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-14140", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-2931", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200512-115", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-14140", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-14140" }, { "db": "CNNVD", "id": "CNNVD-200512-115" }, { "db": "NVD", "id": "CVE-2005-2931" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in a format-specifier argument to a formatted printing function. \nThis issue allows remote attackers to execute arbitrary machine code in the context of the affected application. 
\n\nTITLE:\nIpswitch IMail Server IMAP and SMTP Service Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA17863\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17863/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite (ICS) 2.x\nhttp://secunia.com/product/5167/\nIMail Server 8.x\nhttp://secunia.com/product/3048/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in IMail Server, which can be\nexploited by malicious users to cause a DoS (Denial of Service) and\nto compromise a vulnerable system. \n\n2) An error exists in the IMAP4D32 service when handling user\nsupplied arguments passed to the IMAP LIST command. This can be\nexploited by a logon user to cause a memory dereferencing error,\nwhich crashes the IMAP service by supplying an argument of\napproximately 8000 bytes to the command. \n\nThe vulnerabilities have been reported in IMail Server version 8.20. \nOther versions prior to 8.22 may also be affected. \n\nSOLUTION:\nUpdate to the fixed versions. \n\nIMail Server 8.20:\nUpdate to version 8.22. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nIpswitch Collaboration Suite 2.0:\nUpdate to version 2.02. \nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Nico\n2) Sebastian Apelt\n\nORIGINAL ADVISORY:\nhttp://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities\nhttp://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. BACKGROUND\n\nIpswitch Collaboration Suite provides e-mail and real-time\ncollaboration, calendar and contact list sharing, and protection from\nspam and viruses, all delivered in an easy to use suite. \n\n http://www.ipswitch.com/products/collaboration/index.asp\n\nII. All of the commands are handled by the same function which\nparses user-supplied input strings. The following debugger session\nshows a backtrace with user-supplied strings as values. With properly\nconstructed input value, the strings would be interpreted as memory\naddresses that would be executed upon returning from the current\nfunction. \n\n[..]\n00A7F370 006020A0\n00A7F374 00A7F634 ASCII 5B,\"192.168.242.1] MAIL\n FROM:C:\\apps\\Ipswitch\\Collaboration\n Suite\\IMail\\spool\\T94e8013e00000005\"\n00A7F378 00000000\n00A7F37C 00000000\n00A7F380 7C34FC0B RETURN to MSVCR71.7C34FC0B from MSVCR71.write_char\n00A7F384 00602048\n00A7F388 00A7F648 ASCII 20,\"FROM:C:\\apps\\Ipswitch\\Collaborat\"\n[..]\n\nIII. Ipswitch\nmail services are commonly configured to allow untrusted access. The\nuse of a firewall or other mitigating strategy is highly recommended\ndue to the nature of this vulnerability. The IMail SMTP server is\ninstalled by default. \n\nIV. \n\nV. 
WORKAROUND\n\niDEFENSE is currently unaware of any effective workarounds for this\nissue. Access to the affected host should be filtered at the network\nboundary if global accessibility is not required. Restricting access to\nonly trusted hosts and networks may reduce the likelihood of\nexploitation. \n\nVI. VENDOR RESPONSE\n\nIpswitch Collaboration Suite 2.02 has been released to address this\nissue and is available for download at:\n\n http://www.ipswitch.com/support/ics/updates/ics202.asp\n\nIMail Server 8.22 has been released to address this issue and is\navailable for download at:\n\n \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-2931 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n09/08/2005 Initial vendor notification\n09/13/2005 Initial vendor response\n10/06/2005 Coordinated public disclosure\n\nIX. CREDIT\n\niDEFENSE credits Nico with the discovery of this vulnerability. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. 
Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2005-2931" }, { "db": "BID", "id": "15752" }, { "db": "VULHUB", "id": "VHN-14140" }, { "db": "PACKETSTORM", "id": "42134" }, { "db": "PACKETSTORM", "id": "42190" } ], "trust": 1.44 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-14140", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14140" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-2931", "trust": 2.1 }, { "db": "BID", "id": "15752", "trust": 2.0 }, { "db": "SECUNIA", "id": "17863", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2005-2782", "trust": 1.7 }, { "db": "SECTRACK", "id": "1015317", "trust": 1.7 }, { "db": "IDEFENSE", "id": "20051206 IPSWITCH COLLABORATION SUITE SMTP FORMAT STRING VULNERABILITY", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200512-115", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "42190", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-14140", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "42134", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-14140" }, { "db": "BID", "id": "15752" }, { "db": "PACKETSTORM", "id": "42134" }, { "db": "PACKETSTORM", 
"id": "42190" }, { "db": "CNNVD", "id": "CNNVD-200512-115" }, { "db": "NVD", "id": "CVE-2005-2931" } ] }, "id": "VAR-200512-0016", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-14140" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:10:23.294000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-2931" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp" }, { "trust": 1.8, "url": "http://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/15752" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015317" }, { "trust": 1.7, "url": "http://secunia.com/advisories/17863" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2005/2782" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2005/2782" }, { "trust": 0.3, "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities\u0026id=346" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.2, "url": "http://www.ipswitch.com/support/ics/updates/ics202.asp" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=346\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": 
"http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities" }, { "trust": 0.1, "url": "http://secunia.com/product/3048/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/17863/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/5167/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/collaboration/index.asp" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2931" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://labs.idefense.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14140" }, { "db": "BID", "id": "15752" }, { "db": "PACKETSTORM", "id": "42134" }, { "db": "PACKETSTORM", "id": "42190" }, { "db": "CNNVD", "id": "CNNVD-200512-115" }, { "db": "NVD", "id": "CVE-2005-2931" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-14140" }, { "db": "BID", "id": "15752" }, { "db": "PACKETSTORM", "id": "42134" }, { "db": "PACKETSTORM", "id": "42190" }, { "db": "CNNVD", "id": "CNNVD-200512-115" }, { "db": "NVD", "id": "CVE-2005-2931" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-12-07T00:00:00", "db": "VULHUB", "id": "VHN-14140" }, { "date": "2005-12-06T00:00:00", "db": "BID", "id": "15752" }, { "date": "2005-12-07T17:36:35", "db": "PACKETSTORM", "id": "42134" }, { "date": 
"2005-12-09T16:46:08", "db": "PACKETSTORM", "id": "42190" }, { "date": "2005-12-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-115" }, { "date": "2005-12-07T01:03:00", "db": "NVD", "id": "CVE-2005-2931" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-14140" }, { "date": "2009-07-12T17:56:00", "db": "BID", "id": "15752" }, { "date": "2005-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-115" }, { "date": "2024-11-21T00:00:44.660000", "db": "NVD", "id": "CVE-2005-2931" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "42190" }, { "db": "CNNVD", "id": "CNNVD-200512-115" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch Collaboration component SMTP Format string processing vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-115" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "format string", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-115" } ], "trust": 0.6 } }
var-200505-1217
Vulnerability from variot
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtain potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. There is a remote denial of service vulnerability in the Imail IMAP server of Ipswitch Inc. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. If the attacker can provide a string with a length of about 260 bytes, it may trigger a stack overflow and cause the daemon to exit. However, this vulnerability cannot be further exploited.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1217", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail server", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": "8.2_hotfix_2" }, { "model": "imail server", "scope": "eq", "trust": 0.6, "vendor": 
"ipswitch", "version": "8.2_hotfix_2" }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.151" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": 
"imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1204" }, { "db": "NVD", "id": "CVE-2005-1252" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1204" } ], "trust": 0.6 }, "cve": "CVE-2005-1252", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2005-1252", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-12461", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-1252", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200505-1204", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-12461", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-12461" }, { "db": "CNNVD", "id": "CNNVD-200505-1204" }, { "db": "NVD", "id": "CVE-2005-1252" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. Ipswitch IMail is prone to multiple remote vulnerabilities. 
Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. There is a remote denial of service vulnerability in the Imail IMAP server of Ipswitch Inc. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. If the attacker can provide a string with a length of about 260 bytes, it may trigger a stack overflow and cause the daemon to exit. However, this vulnerability cannot be further exploited", "sources": [ { "db": "NVD", "id": "CVE-2005-1252" }, { "db": "BID", "id": "13727" }, { "db": "VULHUB", "id": "VHN-12461" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-12461", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12461" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-1252", "trust": 2.0 }, { "db": "BID", "id": "13727", "trust": 2.0 }, { "db": "SECTRACK", "id": "1014047", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200505-1204", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20050524 IPSWITCH IMAIL WEB CALENDARING ARBITRARY FILE READ VULNERABILITY", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "39313", "trust": 0.1 }, { "db": 
"VULHUB", "id": "VHN-12461", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-12461" }, { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1204" }, { "db": "NVD", "id": "CVE-2005-1252" } ] }, "id": "VAR-200505-1217", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-12461" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:50:01.457000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-1252" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/13727" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1014047" }, { "trust": 1.6, "url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "/archive/1/400543" }, { "trust": 0.3, "url": "/archive/1/400542" }, { "trust": 0.3, "url": "/archive/1/400546" }, { "trust": 0.3, "url": "/archive/1/400541" }, { "trust": 0.3, "url": "/archive/1/400545" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=242\u0026amp;type=vulnerabilities" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12461" }, { "db": "BID", "id": "13727" }, { "db": "CNNVD", 
"id": "CNNVD-200505-1204" }, { "db": "NVD", "id": "CVE-2005-1252" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-12461" }, { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1204" }, { "db": "NVD", "id": "CVE-2005-1252" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-05-25T00:00:00", "db": "VULHUB", "id": "VHN-12461" }, { "date": "2005-05-24T00:00:00", "db": "BID", "id": "13727" }, { "date": "2005-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1204" }, { "date": "2005-05-25T04:00:00", "db": "NVD", "id": "CVE-2005-1252" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-11-15T00:00:00", "db": "VULHUB", "id": "VHN-12461" }, { "date": "2007-04-03T03:12:00", "db": "BID", "id": "13727" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1204" }, { "date": "2024-11-20T23:56:56.477000", "db": "NVD", "id": "CVE-2005-1252" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1204" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1204" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1204" } ], "trust": 0.6 } }
var-200505-1216
Vulnerability from variot
The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtain potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. However, this vulnerability cannot be further exploited.
Ipswitch IMail IMAP LSUB DoS Vulnerability
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=245&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II.
The problem specifically exists within IMAPD32.EXE upon parsing a malformed LSUB command. An attacker can cause the daemon to produce heavy load by transmitting a long string of NULL characters to the 'LSUB' IMAP directive. This, in turn, causes an infinite loop, eventually exhausting all available system resources and causing a denial of service.
III. ANALYSIS
Exploitation allows unauthenticated remote attackers to render the IMAP server useless, thereby preventing legitimate users from retrieving e-mail. This attack takes few resources to launch and can be repeated to ensure that an unpatched system is unable to recover. Exploitation requires a valid IMAP account, thus limiting the impact of this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail version 8.13. It is suspected that earlier versions are also vulnerable.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1249 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/25/2005 Initial vendor notification
05/10/2005 Initial vendor response
05/24/2005 Public disclosure
IX. CREDIT
The discoverer of the first vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1216", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "collaboration suite", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "*" }, { "model": "collaboration suite", "scope": null, "trust": 0.6, "vendor": "ipswitch", "version": null }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, 
"vendor": "ipswitch", "version": "8.151" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", 
"scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "db": "NVD", "id": "CVE-2005-1249" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1198" } ], "trust": 0.6 }, "cve": "CVE-2005-1249", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2005-1249", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-12458", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-1249", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200505-1198", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-12458", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-12458" }, { "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "db": "NVD", "id": "CVE-2005-1249" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. 
\nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LSUB DoS Vulnerability\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=245\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. \n\nThe problem specifically exists within IMAPD32.EXE upon parsing a \nmalformed LSUB command. An attacker can cause the daemon to produce \nheavy load by transmitting a long string of NULL characters to the \n\u0027LSUB\u0027 IMAP directive. This, in turn, causes an infinite loop, \neventually exhausting all available system resources and causing a \ndenial of service. \n\nIII. ANALYSIS\n\nExploitation allows unauthenticated remote attackers to render the IMAP \nserver useless, thereby preventing legitimate users from retrieving e-\nmail. This attack takes few resources to launch and can be repeated \nto ensure that an unpatched system is unable to recover. Exploitation \nrequires a valid IMAP account, thus limiting the impact of this \nvulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch \nIMail version 8.13. It is suspected that earlier versions are also \nvulnerable. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\n\nthat only trusted users have accounts can mitigate the risk somwhat. 
As \na more effective workaround, consider limiting access to the IMAP server\n\nby filtering TCP port 143. If possible, consider disabling IMAP and \nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1249 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/25/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Public disclosure\n\nIX. CREDIT\n\nThe discoverer of the first vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. 
\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2005-1249" }, { "db": "BID", "id": "13727" }, { "db": "VULHUB", "id": "VHN-12458" }, { "db": "PACKETSTORM", "id": "39311" } ], "trust": 1.35 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-12458", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12458" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-1249", "trust": 2.1 }, { "db": "BID", "id": "13727", "trust": 2.0 }, { "db": "SECTRACK", "id": "1014047", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200505-1198", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20050524 IPSWITCH IMAIL IMAP LSUB DOS VULNERABILITY", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "39311", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-12458", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-12458" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39311" }, { "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "db": "NVD", "id": "CVE-2005-1249" } ] }, "id": "VAR-200505-1216", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-12458" } ], "trust": 0.01 }, "last_update_date": 
"2024-11-23T21:50:01.484000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-1249" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/13727" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1014047" }, { "trust": 1.7, "url": "http://www.idefense.com/application/poi/display?id=245\u0026type=vulnerabilities" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "/archive/1/400543" }, { "trust": 0.3, "url": "/archive/1/400542" }, { "trust": 0.3, "url": "/archive/1/400546" }, { "trust": 0.3, "url": "/archive/1/400541" }, { "trust": 0.3, "url": "/archive/1/400545" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=245\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1249" }, { "trust": 0.1, "url": "http://labs.idefense.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12458" }, { "db": "BID", 
"id": "13727" }, { "db": "PACKETSTORM", "id": "39311" }, { "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "db": "NVD", "id": "CVE-2005-1249" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-12458" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39311" }, { "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "db": "NVD", "id": "CVE-2005-1249" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-05-25T00:00:00", "db": "VULHUB", "id": "VHN-12458" }, { "date": "2005-05-24T00:00:00", "db": "BID", "id": "13727" }, { "date": "2005-08-14T20:30:55", "db": "PACKETSTORM", "id": "39311" }, { "date": "2005-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "date": "2005-05-25T04:00:00", "db": "NVD", "id": "CVE-2005-1249" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-11-15T00:00:00", "db": "VULHUB", "id": "VHN-12458" }, { "date": "2007-04-03T03:12:00", "db": "BID", "id": "13727" }, { "date": "2006-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1198" }, { "date": "2024-11-20T23:56:56.210000", "db": "NVD", "id": "CVE-2005-1249" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "39311" }, { "db": "CNNVD", "id": "CNNVD-200505-1198" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail IMAP SELECT Command denial of service 
vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1198" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1198" } ], "trust": 0.6 } }
var-200210-0229
Vulnerability from variot
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft operating systems. The web messaging server is vulnerable to a buffer overflow. When the server receives a request for HTTP version 1.0, and the total request is 96 bytes or greater, a buffer overflow occurs. This could result in the execution of attacker-supplied instructions, and potentially allow an attacker to gain local access. ** Ipswitch has reported that it is unable to reproduce this issue. In addition, Ipswitch has stated that the supplied third-party patch may in fact open additional vulnerabilities in the product. Ipswitch advises users not to apply the supplied patch. IMail's Web Messaging daemon lacks proper checks for parameters when processing HTTP/1.0 GET requests. Remote attackers can exploit this vulnerability to perform buffer overflow attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200210-0229", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"7.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" } ], "sources": [ { "db": "BID", "id": "5323" }, { "db": "CNNVD", "id": "CNNVD-200210-145" }, { "db": "NVD", "id": "CVE-2002-1076" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "2c79cbe14ac7d0b8472d3f129fa1df\u203b c79cbe14ac7d0b8472d3f129fa1df55@yahoo.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200210-145" } ], "trust": 0.6 }, "cve": "CVE-2002-1076", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2002-1076", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-5464", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2002-1076", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200210-145", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-5464", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-5464" }, { "db": "CNNVD", "id": "CNNVD-200210-145" }, { "db": "NVD", "id": "CVE-2002-1076" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. \nThe web messaging server is vulnerable to a buffer overflow. 
When the server receives a request for HTTP version 1.0, and the total request is 96 bytes or greater, a buffer overflow occurs. This could result in the execution of attacker-supplied instructions, and potentially allow an attacker to gain local access. \n** Ipswitch has reported they are unable to reproduce this issue. In addition, Ipswitch has stated that the supplied, third party patch may in fact open additional vulnerabilities in the product. Ipswitch suggests that users do not apply the supplied patch. IMail\u0027s Web Messaging daemon lacks proper checks for parameters when processing HTTP/1.0 GET requests. Remote attackers can exploit this vulnerability to perform buffer overflow attacks", "sources": [ { "db": "NVD", "id": "CVE-2002-1076" }, { "db": "BID", "id": "5323" }, { "db": "VULHUB", "id": "VHN-5464" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-5464", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-5464" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "5323", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2002-1076", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200210-145", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20020725 IPSWITCH IMAIL ADVISORY/EXPLOIT/PATCH", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20020729 HOAX EXPLOIT", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20020729 RE: HOAX EXPLOIT (2C79CBE14AC7D0B8472D3F129FA1DF55 RETURNS)", "trust": 0.6 }, { "db": "XF", "id": "9679", "trust": 0.6 }, { "db": "SEEBUG", "id": 
"SSVID-75478", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "21654", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-5464", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-5464" }, { "db": "BID", "id": "5323" }, { "db": "CNNVD", "id": "CNNVD-200210-145" }, { "db": "NVD", "id": "CVE-2002-1076" } ] }, "id": "VAR-200210-0229", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-5464" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:57:15.393000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-1076" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/5323" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" }, { "trust": 2.7, "url": "http://support.ipswitch.com/kb/im-20020729-dm01.htm" }, { "trust": 2.7, "url": "http://support.ipswitch.com/kb/im-20020731-dm02.htm" }, { "trust": 2.7, "url": "http://www.iss.net/security_center/static/9679.php" } ], "sources": [ { "db": "VULHUB", "id": "VHN-5464" }, { "db": "CNNVD", "id": "CNNVD-200210-145" }, { "db": "NVD", "id": "CVE-2002-1076" } ] }, "sources": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-5464" }, { "db": "BID", "id": "5323" }, { "db": "CNNVD", "id": "CNNVD-200210-145" }, { "db": "NVD", "id": "CVE-2002-1076" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-10-04T00:00:00", "db": "VULHUB", "id": "VHN-5464" }, { "date": "2002-07-26T00:00:00", "db": "BID", "id": "5323" }, { "date": "2002-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-200210-145" }, { "date": "2002-10-04T04:00:00", "db": "NVD", "id": "CVE-2002-1076" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-05T00:00:00", "db": "VULHUB", "id": "VHN-5464" }, { "date": "2002-07-26T00:00:00", "db": "BID", "id": "5323" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200210-145" }, { "date": "2024-11-20T23:40:32.110000", "db": "NVD", "id": "CVE-2002-1076" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200210-145" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPSwitch IMail Web Messaging Daemon HTTP GET Remote buffer overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200210-145" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200210-145" } ], "trust": 0.6 } }
var-200412-1061
Vulnerability from variot
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. Ipswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly. Note that the CVSS v2 vector in the record below (AV:L/AC:L/Au:N/C:P/I:P/A:P) and its "local" threat type do not match this description of a remote, authenticated attack, so the 4.6 base score should not be relied on alone when prioritizing.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-1061", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" } ], "sources": [ { "db": "BID", "id": "11675" }, { "db": "CNNVD", "id": 
"CNNVD-200412-722" }, { "db": "NVD", "id": "CVE-2004-1520" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jerome\u203b jerome@athias.fr", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-722" } ], "trust": 0.6 }, "cve": "CVE-2004-1520", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2004-1520", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-9950", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-1520", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": 
"CNNVD-200412-722", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-9950", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-9950" }, { "db": "CNNVD", "id": "CNNVD-200412-722" }, { "db": "NVD", "id": "CVE-2004-1520" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. \nIpswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly", "sources": [ { "db": "NVD", "id": "CVE-2004-1520" }, { "db": "BID", "id": "11675" }, { "db": "VULHUB", "id": "VHN-9950" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-9950", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-9950" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "11675", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2004-1520", "trust": 1.7 }, { "db": "SECUNIA", "id": "13200", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200412-722", 
"trust": 0.7 }, { "db": "XF", "id": "18058", "trust": 0.6 }, { "db": "NSFOCUS", "id": "7108", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20041112 IPSWITCH-IMAIL-8.13 STACK OVERFLOW IN THE DELETE COMMAND", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-70993", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-70991", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "16479", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "627", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "1151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83023", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82989", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-9950", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-9950" }, { "db": "BID", "id": "11675" }, { "db": "CNNVD", "id": "CNNVD-200412-722" }, { "db": "NVD", "id": "CVE-2004-1520" } ] }, "id": "VAR-200412-1061", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-9950" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:08:56.392000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-1520" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/11675" }, { "trust": 1.7, "url": "http://secunia.com/advisories/13200" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058" }, { "trust": 1.0, "url": 
"http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/18058" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/7108" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im814.html" }, { "trust": 0.3, "url": "/archive/1/381027" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=110037283803560\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-9950" }, { "db": "BID", "id": "11675" }, { "db": "CNNVD", "id": "CNNVD-200412-722" }, { "db": "NVD", "id": "CVE-2004-1520" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-9950" }, { "db": "BID", "id": "11675" }, { "db": "CNNVD", "id": "CNNVD-200412-722" }, { "db": "NVD", "id": "CVE-2004-1520" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-12-31T00:00:00", "db": "VULHUB", "id": "VHN-9950" }, { "date": "2004-11-13T00:00:00", "db": "BID", "id": "11675" }, { "date": "2004-11-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-722" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-1520" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-11T00:00:00", "db": "VULHUB", "id": "VHN-9950" }, { "date": "2004-11-13T00:00:00", "db": "BID", "id": "11675" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-722" }, { "date": "2017-07-11T01:31:06.277000", "db": "NVD", "id": "CVE-2004-1520" } ] }, "threat_type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-722" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPSwitch IMail 8.13 Remotely DELETE Command buffer overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-722" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "11675" }, { "db": "CNNVD", "id": "CNNVD-200412-722" } ], "trust": 0.9 } }
var-200507-0067
Vulnerability from variot
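IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. IMail is prone to an information disclosure vulnerability. The record maps this to CWE-312 (cleartext storage of sensitive information): whoever obtains the cookie obtains the credentials themselves rather than a revocable session token. IMail is an email system that includes WebMail.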
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200507-0067", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "2006" } ], "sources": [ { "db": "BID", "id": "89792" }, { "db": "CNNVD", "id": "CNNVD-200507-061" }, { "db": "NVD", "id": "CVE-2005-2160" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "89792" } ], "trust": 0.3 }, "cve": "CVE-2005-2160", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2005-2160", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-13369", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2005-2160", "impactScore": 3.6, 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-2160", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200507-061", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-13369", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-13369" }, { "db": "CNNVD", "id": "CNNVD-200507-061" }, { "db": "NVD", "id": "CVE-2005-2160" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. IMail is prone to a information disclosure vulnerability. IMAIL is an email system including WebMail", "sources": [ { "db": "NVD", "id": "CVE-2005-2160" }, { "db": "BID", "id": "89792" }, { "db": "VULHUB", "id": "VHN-13369" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-2160", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200507-061", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20050705 IMAIL COOKIE VULNERABILITY (UNHASHED)", "trust": 0.6 }, { "db": "BID", "id": "89792", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-13369", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-13369" }, { "db": "BID", "id": "89792" }, { "db": "CNNVD", "id": "CNNVD-200507-061" }, { "db": "NVD", "id": "CVE-2005-2160" } ] }, "id": "VAR-200507-0067", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-13369" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:07:08.864000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-312", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-2160" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2" }, { "trust": 0.9, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112060187204457\u0026w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=112060187204457\u0026amp;w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-13369" }, { "db": "BID", "id": "89792" }, { "db": "CNNVD", "id": "CNNVD-200507-061" }, { "db": "NVD", "id": "CVE-2005-2160" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-13369" }, { "db": "BID", "id": "89792" }, { "db": "CNNVD", "id": "CNNVD-200507-061" }, { "db": "NVD", "id": "CVE-2005-2160" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "VULHUB", "id": "VHN-13369" }, { "date": "2005-07-06T00:00:00", "db": "BID", "id": "89792" }, { "date": "2005-07-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200507-061" }, { "date": "2005-07-06T04:00:00", "db": "NVD", "id": "CVE-2005-2160" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-18T00:00:00", "db": "VULHUB", "id": "VHN-13369" }, { "date": "2005-07-06T00:00:00", "db": "BID", "id": "89792" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200507-061" }, { "date": "2024-11-20T23:58:55.403000", "db": "NVD", "id": "CVE-2005-2160" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200507-061" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch Imail cookie Information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-200507-061" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": "CNNVD-200507-061" } ], "trust": 0.6 } }
var-200609-0308
Vulnerability from variot
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings between the '@' and ':' characters leads to a stack-based buffer overflow. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system.
TITLE: Ipswitch IMail Server SMTP Service Unspecified Vulnerability
SECUNIA ADVISORY ID: SA21795
VERIFY ADVISORY: http://secunia.com/advisories/21795/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/
DESCRIPTION: A vulnerability has been reported in IMail Server, which can be exploited by malicious people to compromise a vulnerable system.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-028.html September 7, 2006
-- CVE ID: CVE-2006-4379
-- Affected Vendor: Ipswitch
-- Affected Products: ICS/IMail Server 2006
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since August 31, 2006 by Digital Vaccine protection filter ID 4496.
-- Vendor Response: Ipswitch has issued an update, version 2006.1, to correct this vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im20061.asp
-- Disclosure Timeline: 2006.06.22 - Vulnerability reported to vendor 2006.08.31 - Digital Vaccine released to TippingPoint customers 2006.09.07 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "imail secure server", "scope": "eq", "trust": 2.7, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "imail plus", "scope": "eq", "trust": 2.4, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006_premium" }, { "_id": null, "model": "collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006_standard" }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "ipswitch", "version": null }, { "_id": null, "model": "collaboration suite", "scope": "eq", "trust": 0.8, "vendor": "ipswitch", "version": "2006 suite premium and standard editions" }, { "_id": null, "model": "imail", "scope": null, "trust": 0.7, "vendor": "ipswitch", "version": null }, { "_id": null, "model": "collaboration suite standard edition", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "collaboration suite premium edition", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "imail server", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "imail plus", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "0" }, { "_id": null, "model": "collaboration suite standard edition", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.1" }, { "_id": null, "model": "collaboration suite premium edition", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.1" }, { "_id": null, "model": "imail server", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#542197" }, { "db": "ZDI", "id": "ZDI-06-028" }, { "db": "BID", "id": "19885" }, { "db": "JVNDB", "id": "JVNDB-2006-002006" }, { "db": "CNNVD", "id": 
"CNNVD-200609-136" }, { "db": "NVD", "id": "CVE-2006-4379" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ipswitch:imail_plus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ipswitch:imail_secure_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ipswitch:ipswitch_collaboration_suite", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-002006" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-06-028" } ], "trust": 0.7 }, "cve": "CVE-2006-4379", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2006-4379", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20487", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2006-4379", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#542197", "trust": 0.8, "value": "12.86" }, { "author": "NVD", "id": "CVE-2006-4379", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200609-136", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-20487", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#542197" }, { "db": "VULHUB", "id": "VHN-20487" }, { "db": "JVNDB", "id": 
"JVNDB-2006-002006" }, { "db": "CNNVD", "id": "CNNVD-200609-136" }, { "db": "NVD", "id": "CVE-2006-4379" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an \u0027@\u0027 character and before a \u0027:\u0027 character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters \u0027@\u0027 and \u0027:\u0027 leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. \nIpswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. 
\n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server SMTP Service Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21795\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21795/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\n\nDESCRIPTION:\nA vulnerability has been reported in IMail Server, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics20061.asp\nhttp://www.ipswitch.com/support/imail/releases/im20061.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-028.html\nSeptember 7, 2006\n\n-- CVE ID:\nCVE-2006-4379\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nICS/IMail Server 2006\n\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since August 31, 2006 by Digital Vaccine protection\nfilter ID 4496. \n\n-- Vendor Response:\nIpswitch has issued an update, version 2006.1, to correct this\nvulnerability. More details can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/im20061.asp\n\n-- Disclosure Timeline:\n2006.06.22 - Vulnerability reported to vendor\n2006.08.31 - Digital Vaccine released to TippingPoint customers\n2006.09.07 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. 
Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product", "sources": [ { "db": "NVD", "id": "CVE-2006-4379" }, { "db": "CERT/CC", "id": "VU#542197" }, { "db": "JVNDB", "id": "JVNDB-2006-002006" }, { "db": "ZDI", "id": "ZDI-06-028" }, { "db": "BID", "id": "19885" }, { "db": "VULHUB", "id": "VHN-20487" }, { "db": "PACKETSTORM", "id": "49786" }, { "db": "PACKETSTORM", "id": "49828" } ], "trust": 3.51 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-20487", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-20487" } ] }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2006-4379", "trust": 3.6 }, { "db": "SECUNIA", "id": "21795", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-06-028", "trust": 2.5 }, { "db": "BID", "id": "19885", "trust": 2.0 }, { "db": "VUPEN", "id": "ADV-2006-3496", "trust": 1.7 }, { "db": "SECTRACK", "id": "1016803", "trust": 1.7 }, { "db": "SECTRACK", "id": "1016804", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#542197", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-002006", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-067", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-200609-136", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20060907 ZDI-06-028: IPSWITCH COLLABORATION SUITE SMTP SERVER STACK OVERFLOW", "trust": 0.6 }, { "db": "XF", "id": "28789", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "49828", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "3264", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "2601", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "3265", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-20487", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "49786", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#542197" }, { "db": "ZDI", "id": "ZDI-06-028" }, 
{ "db": "VULHUB", "id": "VHN-20487" }, { "db": "BID", "id": "19885" }, { "db": "JVNDB", "id": "JVNDB-2006-002006" }, { "db": "PACKETSTORM", "id": "49786" }, { "db": "PACKETSTORM", "id": "49828" }, { "db": "CNNVD", "id": "CNNVD-200609-136" }, { "db": "NVD", "id": "CVE-2006-4379" } ] }, "id": "VAR-200609-0308", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20487" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:50:25.028000Z", "patch": { "_id": null, "data": [ { "title": "im20061", "trust": 1.5, "url": "http://www.ipswitch.com/support/imail/releases/im20061.asp" } ], "sources": [ { "db": "ZDI", "id": "ZDI-06-028" }, { "db": "JVNDB", "id": "JVNDB-2006-002006" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4379" } ] }, "references": { "_id": null, "data": [ { "trust": 3.4, "url": "http://www.ipswitch.com/support/imail/releases/im20061.asp" }, { "trust": 2.6, "url": "http://www.ipswitch.com/support/ics/updates/ics20061.asp" }, { "trust": 1.8, "url": "http://www.zerodayinitiative.com/advisories/zdi-06-028.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/19885" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1016803" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1016804" }, { "trust": 1.7, "url": "http://secunia.com/advisories/21795" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/445521/100/0/threaded" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/3496" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28789" }, { "trust": 0.9, "url": "http://secunia.com/advisories/21795/" }, { "trust": 0.8, "url": "http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg108403.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4379" }, { "trust": 0.8, "url": 
"http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4379" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/3496" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/28789" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/445521/100/0/threaded" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/quality_assurance_analyst/" }, { "trust": 0.1, "url": "http://secunia.com/product/8653/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/product/8651/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/8652/" }, { "trust": 0.1, "url": "http://secunia.com/web_application_security_specialist/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.tippingpoint.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4379" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com" } ], "sources": [ { "db": "CERT/CC", "id": "VU#542197" }, { "db": "ZDI", "id": "ZDI-06-028" }, { "db": "VULHUB", "id": "VHN-20487" }, { "db": "JVNDB", "id": "JVNDB-2006-002006" }, { "db": "PACKETSTORM", "id": "49786" }, { "db": "PACKETSTORM", "id": "49828" }, { "db": "CNNVD", "id": "CNNVD-200609-136" }, { "db": "NVD", "id": "CVE-2006-4379" } ] }, "sources": { "_id": null, "data": [ { "db": "CERT/CC", "id": "VU#542197", "ident": null }, { "db": "ZDI", "id": "ZDI-06-028", "ident": null }, { "db": "VULHUB", "id": "VHN-20487", "ident": null }, { "db": "BID", "id": "19885", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2006-002006", "ident": null }, { "db": "PACKETSTORM", "id": "49786", "ident": null }, { "db": "PACKETSTORM", "id": "49828", "ident": null }, { "db": "CNNVD", "id": "CNNVD-200609-136", 
"ident": null }, { "db": "NVD", "id": "CVE-2006-4379", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2006-12-07T00:00:00", "db": "CERT/CC", "id": "VU#542197", "ident": null }, { "date": "2006-09-08T00:00:00", "db": "ZDI", "id": "ZDI-06-028", "ident": null }, { "date": "2006-09-08T00:00:00", "db": "VULHUB", "id": "VHN-20487", "ident": null }, { "date": "2006-09-07T00:00:00", "db": "BID", "id": "19885", "ident": null }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-002006", "ident": null }, { "date": "2006-09-08T05:23:41", "db": "PACKETSTORM", "id": "49786", "ident": null }, { "date": "2006-09-08T06:50:37", "db": "PACKETSTORM", "id": "49828", "ident": null }, { "date": "2006-09-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200609-136", "ident": null }, { "date": "2006-09-08T21:04:00", "db": "NVD", "id": "CVE-2006-4379", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2006-12-07T00:00:00", "db": "CERT/CC", "id": "VU#542197", "ident": null }, { "date": "2006-09-08T00:00:00", "db": "ZDI", "id": "ZDI-06-028", "ident": null }, { "date": "2018-10-17T00:00:00", "db": "VULHUB", "id": "VHN-20487", "ident": null }, { "date": "2007-02-05T16:18:00", "db": "BID", "id": "19885", "ident": null }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-002006", "ident": null }, { "date": "2006-09-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200609-136", "ident": null }, { "date": "2024-11-21T00:15:49.037000", "db": "NVD", "id": "CVE-2006-4379", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "49828" }, { "db": "CNNVD", "id": "CNNVD-200609-136" } ], "trust": 0.7 }, "title": { "_id": null, "data": "The Ipswitch IMail Server is vulnerable to a buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#542197" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200609-136" } 
], "trust": 0.6 } }
var-200505-1219
Vulnerability from variot
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtain potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=243&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II.
The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack-based Unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required.
The second vulnerability also exists in the handling of the LOGIN command username argument, however it lends itself to easier exploitation. If a large username starting with one of several special characters is specified, a stack overflow occurs, allowing an attacker to overwrite the saved instruction pointer and control execution flow. Included in the list of special characters are the following: % : * @ &
Both of these vulnerabilities can lead to the execution of arbitrary code.
III. Valid credentials are not required for exploitation, which heightens the impact of this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in the latest version of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed as vulnerable. It is suspected that earlier versions are also vulnerable.
V. WORKAROUND
As this vulnerability is exploited before authentication occurs, the only effective workaround is to limit access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1255 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/25/2005 Initial vendor notification 05/10/2005 Initial vendor response 05/24/2005 Public disclosure
IX. CREDIT
The discoverer of the first vulnerability wishes to remain anonymous. iDEFENSE Labs is credited with the discovery of the second vulnerability.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1219", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.13" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "8.12" }, { "model": "collaboration suite", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", 
"version": "*" }, { "model": "imail server", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": "8.2_hotfix_2" }, { "model": "imail server", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "8.2_hotfix_2" }, { "model": "collaboration suite", "scope": null, "trust": 0.6, "vendor": "ipswitch", "version": null }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.151" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": 
"6.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "db": "NVD", "id": "CVE-2005-1255" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1200" } ], "trust": 0.6 }, "cve": "CVE-2005-1255", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2005-1255", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-12464", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-1255", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200505-1200", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-12464", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-12464" }, { "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "db": "NVD", "id": "CVE-2005-1255" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other 
versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. \n\nThe first vulnerability specifically exists in the handling of a long \nusername to the LOGIN command. A long username argument of approximately\n\n2,000 bytes will cause a stack based unicode string buffer overflow \nproviding the attacker with partial control over EIP. As this \nvulnerability is in the LOGIN command itself, valid credentials are not \nrequired. \n\nThe second vulnerability also exists in the handling of the LOGIN \ncommand username argument, however it lends itself to easier \nexploitation. If a large username starting with one of several special \ncharacters is specified, a stack overflow occurs, allowing an attacker \nto overwrite the saved instruction pointer and control execution flow. 
\nIncluded in the list of special characters are the following: % : * @ \u0026 \n\nBoth of these vulnerabilities can lead to the execution of arbitrary\ncode. \n\nIII. Valid credentials are not required to for \nexploitation, which heightens the impact of this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in the latest\n\nversion of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed \nas vulnerable. It is suspected that earlier versions are also \nvulnerable. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited before authentication occurs, the \nonly effective workaround is to limit access to the IMAP server by \nfiltering TCP port 143. If possible, consider disabling IMAP and forcing\n\nusers to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1255 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/25/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Public disclosure\n\nIX. CREDIT\n\nThe discoverer of the first vulnerability wishes to remain anonymous. \niDEFENSE Labs is credited with the discovery of the second\nvulnerability. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. 
It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2005-1255" }, { "db": "BID", "id": "13727" }, { "db": "VULHUB", "id": "VHN-12464" }, { "db": "PACKETSTORM", "id": "39312" } ], "trust": 1.35 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-12464", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12464" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-1255", "trust": 2.1 }, { "db": "BID", "id": "13727", "trust": 2.0 }, { "db": "SECTRACK", "id": "1014047", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200505-1200", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20050524 
IPSWITCH IMAIL IMAP LOGIN REMOTE BUFFER OVERFLOW VULNERABILITIES", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "39312", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-63181", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "1124", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "3627", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "1035", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-12464", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-12464" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39312" }, { "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "db": "NVD", "id": "CVE-2005-1255" } ] }, "id": "VAR-200505-1219", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-12464" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:50:01.514000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-1255" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/13727" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1014047" }, { "trust": 1.7, "url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "/archive/1/400543" }, { 
"trust": 0.3, "url": "/archive/1/400542" }, { "trust": 0.3, "url": "/archive/1/400546" }, { "trust": 0.3, "url": "/archive/1/400541" }, { "trust": 0.3, "url": "/archive/1/400545" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=243\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1255" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://labs.idefense.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12464" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39312" }, { "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "db": "NVD", "id": "CVE-2005-1255" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-12464" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39312" }, { "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "db": "NVD", "id": "CVE-2005-1255" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-05-25T00:00:00", "db": "VULHUB", "id": "VHN-12464" }, { "date": "2005-05-24T00:00:00", "db": "BID", "id": "13727" }, { "date": "2005-08-14T20:32:32", "db": "PACKETSTORM", "id": "39312" }, { "date": "2005-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "date": "2005-05-25T04:00:00", "db": "NVD", "id": "CVE-2005-1255" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-11-15T00:00:00", "db": "VULHUB", "id": "VHN-12464" }, { "date": "2007-04-03T03:12:00", "db": "BID", "id": "13727" }, { "date": "2006-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1200" }, { "date": "2024-11-20T23:56:56.750000", "db": "NVD", "id": "CVE-2005-1255" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "39312" }, { "db": "CNNVD", "id": "CNNVD-200505-1200" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1200" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1200" } ], "trust": 0.6 } }
var-200709-0023
Vulnerability from variot
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line. Ipswitch IMail Server is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Versions between Ipswitch IMail Server 8.01 and 8.11 are vulnerable to this issue; other versions may also be affected. NOTE: This issue may be related to previously disclosed vulnerabilities in IMail, but due to a lack of information we cannot confirm this. We will update this BID as more information emerges. IPSwitch IMail is a Windows-based mail service program. There is a buffer overflow vulnerability in IPSwitch IMail's iaspam.dll, which may be exploited by remote attackers to control the server. Relevant details:
loc_1001ada5:    (note that the load base address may differ during dynamic debugging)
    mov eax, [ebp+var_54]
    mov ecx, [eax+10c8h]
    push ecx ; char *
    mov edx, [ebp+var_54]
    mov eax, [edx+10d0h]
    push eax ; char *
    call _strcpy
    add esp, 8
    jmp loc_1001a6f0
Both strcpy arguments, the src and dst pointers, are read directly from the heap without any prior check. By sending a malicious e-mail (SMD file) to the server and controlling the data at those subsequent offsets, an attacker can therefore copy an arbitrary string to an arbitrary memory location.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0023", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"8.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.11" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.01" }, { "model": "imail", "scope": "eq", "trust": 0.8, "vendor": "ipswitch", "version": "8.01 to 8.11" } ], "sources": [ { "db": "BID", "id": "25762" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "CNNVD", "id": "CNNVD-200709-391" }, { "db": "NVD", "id": "CVE-2007-5094" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ipswitch:imail", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-004441" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "axis axis@ph4nt0m)", "sources": [ { "db": "CNNVD", "id": "CNNVD-200709-391" } ], "trust": 0.6 }, "cve": "CVE-2007-5094", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2007-5094", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-28456", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-5094", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2007-5094", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200709-391", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-28456", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-28456" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "CNNVD", "id": "CNNVD-200709-391" }, { "db": "NVD", "id": "CVE-2007-5094" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string \"MIME\" by itself on a line in the header, and a long Content-Transfer-Encoding header line. 
Ipswitch IMail Server is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. \nAttackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nVersions between Ipswitch IMail Server 8.01 and 8.11 are vulnerable to this issue; other versions may also be affected. \nNOTE: This issue may be related to previously disclosed vulnerabilities in IMail, but due to a lack of information we cannot confirm this. We will update this BID as more information emerges. IPSwitch IMail is a Windows-based mail service program. There is a buffer overflow vulnerability in IPSwitch IMail\u0027s iaspam.dll, which may be exploited by remote attackers to control the server. Relevant details: loc_1001ada5 ==\u003e Pay attention to the difference in loading base address during dynamic debugging. 
mov eax, [ebp+var_54] mov ecx, [eax+10c8h] push ecx ; char * mov edx, [ebp+var_54] mov eax, [edx+10d0h] push eax ; char * call _strcpy add esp, 8 jmp loc_1001a6f0 Here, the two buffers of strcpy, the pointers of src and dst are read directly from the heap without any check before, so send a malicious email to the server (SMD file), and then control the two buffers at the subsequent offset address, you can copy any string to any memory", "sources": [ { "db": "NVD", "id": "CVE-2007-5094" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "BID", "id": "25762" }, { "db": "VULHUB", "id": "VHN-28456" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-28456", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-28456" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-5094", "trust": 2.8 }, { "db": "BID", "id": "25762", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "4438", "trust": 1.7 }, { "db": "OSVDB", "id": "39390", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2007-004441", "trust": 0.8 }, { "db": "MILW0RM", "id": "4438", "trust": 0.6 }, { "db": "XF", "id": "36723", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200709-391", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-28456", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-28456" }, { "db": "BID", "id": "25762" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "CNNVD", "id": "CNNVD-200709-391" }, { "db": "NVD", "id": "CVE-2007-5094" } ] }, "id": "VAR-200709-0023", "iot": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-28456" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:48:53.350000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IMail Server", "trust": 0.8, "url": "http://www.imailserver.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-004441" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-28456" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "NVD", "id": "CVE-2007-5094" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/25762" }, { "trust": 1.7, "url": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html" }, { "trust": 1.7, "url": "http://osvdb.org/39390" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/4438" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36723" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5094" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5094" }, { "trust": 0.6, "url": "http://www.milw0rm.com/exploits/4438" }, { "trust": 0.6, "url": 
"http://xforce.iss.net/xforce/xfdb/36723" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-28456" }, { "db": "BID", "id": "25762" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "CNNVD", "id": "CNNVD-200709-391" }, { "db": "NVD", "id": "CVE-2007-5094" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-28456" }, { "db": "BID", "id": "25762" }, { "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "db": "CNNVD", "id": "CNNVD-200709-391" }, { "db": "NVD", "id": "CVE-2007-5094" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-09-26T00:00:00", "db": "VULHUB", "id": "VHN-28456" }, { "date": "2007-09-21T00:00:00", "db": "BID", "id": "25762" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "date": "2007-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-200709-391" }, { "date": "2007-09-26T22:17:00", "db": "NVD", "id": "CVE-2007-5094" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-29T00:00:00", "db": "VULHUB", "id": "VHN-28456" }, { "date": "2015-05-07T17:35:00", "db": "BID", "id": "25762" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-004441" }, { "date": "2007-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-200709-391" }, { "date": "2024-11-21T00:37:06.763000", "db": "NVD", "id": "CVE-2007-5094" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200709-391" } ], "trust": 0.6 }, 
"title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability", "sources": [ { "db": "BID", "id": "25762" }, { "db": "CNNVD", "id": "CNNVD-200709-391" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200709-391" } ], "trust": 0.6 } }
var-200512-0015
Vulnerability from variot
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. Successful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system.

Ipswitch IMail IMAP List Command DoS Vulnerability
iDEFENSE Security Advisory 12.06.05 www.idefense.com/application/poi/display?id=347&type=vulnerabilities December 6, 2005
I. BACKGROUND
Ipswitch IMail Server is an email server that is part of the Ipswitch Collaboration Suite. IMail supports POP3, SMTP, IMAP and web-based email access. More information can be found on the vendor's site at:
http://www.ipswitch.com/Products/collaboration/index.html
II. DESCRIPTION
The problem specifically exists in handling long arguments to the LIST command. When a LIST command of approximately 8000 bytes is supplied, internal string parsing routines can be manipulated in such a way as to reference non-allocated sections of memory. This parsing error results in an unhandled access violation, forcing the daemon to exit.
III. ANALYSIS

The LIST command is only available post-authentication, and therefore valid credentials are required to exploit this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail 8.2.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 Patch has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2923 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification
09/13/2005 Initial vendor response
10/06/2005 Coordinated public disclosure
IX. CREDIT
Sebastian Apelt is credited with discovering this vulnerability.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright © 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
1) A format string error exists in the SMTPD32 service when parsing arguments supplied to the "expn", "mail", "mail from", and "rcpt to" commands. This can be exploited to execute arbitrary code via specially crafted arguments sent to the affected commands.
The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected.
SOLUTION: Update to the fixed versions. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt
ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0015", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "collaboration suite", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "2.01" }, { "model": "collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2.0" }, { "model": "imail server", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": 
"8.20" }, { "model": "collaboration suite", "scope": null, "trust": 0.3, "vendor": "ipswitch", "version": null }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.20" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "collaboration suite", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2.02" }, { "model": "imail", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "15753" }, { "db": "CNNVD", "id": "CNNVD-200512-106" }, { "db": "NVD", "id": "CVE-2005-2923" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-106" } ], "trust": 0.6 }, "cve": "CVE-2005-2923", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2005-2923", "impactScore": 2.9, 
"integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-14132", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-2923", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200512-106", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-14132", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-14132" }, { "db": "CNNVD", "id": "CNNVD-200512-106" }, { "db": "NVD", "id": "CVE-2005-2923" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. \nSuccessful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. Ipswitch IMail IMAP List Command DoS Vulnerability\n\niDEFENSE Security Advisory 12.06.05\nwww.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\nDecember 6, 2005\n\nI. BACKGROUND\n\nIpswitch Imail Server is an email server that is part of the IpSwitch\nCollaboration suit. Imail Supports POP3, SMTP, IMAP and web based email\naccess. 
More Information can be located on the vendor\\x92s site at:\n\nhttp://www.ipswitch.com/Products/collaboration/index.html\n\nII. \n\nThe problem specifically exists in handling long arguments to the LIST\ncommand. When a LIST command of approximately 8000 bytes is supplied,\ninternal string parsing routines can be manipulated in such a way as to\nreference non-allocated sections of memory. This parsing error results\nin an unhandled access violation, forcing the daemon to exit. \n\nIII. The LIST command is only available\npost authentication and therefore valid credentials are required to\nexploit this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch\nIMail 8.2. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\nthat only trusted users have accounts can mitigate the risk somewhat. As\na more effective workaround, consider limiting access to the IMAP server\nby filtering TCP port 143. If possible, consider disabling IMAP and\nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nIpswitch Collaboration Suite 2.02 has been released to address this\nissue and is available for download at:\n\nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nIMail Server 8.22 Patch has been released to address this issue and is\navailable for download at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-2923 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n09/08/2005 Initial vendor notification\n09/13/2005 Initial vendor response\n10/06/2005 Coordinated public disclosure\n\nIX. CREDIT\n\nSebastian Apelt is credited with discovering this vulnerability. 
\n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n1) A format string error exists in the SMTPD32 service when parsing\narguments supplied to the \"expn\", \"mail\", \"mail from\", and \"rcpt to\"\ncommands. This can be exploited to execute arbitrary code via\nspecially crafted arguments sent to the affected commands. \n\nThe vulnerabilities have been reported in IMail Server version 8.20. \nOther versions prior to 8.22 may also be affected. \n\nSOLUTION:\nUpdate to the fixed versions. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nIpswitch Collaboration Suite 2.0:\nUpdate to version 2.02. 
\nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Nico\n2) Sebastian Apelt\n\nORIGINAL ADVISORY:\nhttp://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities\nhttp://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2005-2923" }, { "db": "BID", "id": "15753" }, { "db": "VULHUB", "id": "VHN-14132" }, { "db": "PACKETSTORM", "id": "42191" }, { "db": "PACKETSTORM", "id": "42134" } ], "trust": 1.44 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-14132", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14132" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-2923", "trust": 2.1 }, { "db": "BID", "id": "15753", "trust": 2.0 }, { "db": "SECUNIA", "id": "17863", "trust": 1.8 }, { "db": "SECTRACK", "id": "1015318", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2005-2782", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200512-106", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20051206 IPSWITCH IMAIL IMAP LIST COMMAND DOS VULNERABILITY", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "42191", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-14132", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "42134", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-14132" }, { "db": "BID", "id": "15753" }, { "db": "PACKETSTORM", "id": "42191" }, { "db": "PACKETSTORM", "id": "42134" }, { "db": "CNNVD", "id": "CNNVD-200512-106" }, { "db": "NVD", "id": "CVE-2005-2923" } ] }, "id": "VAR-200512-0015", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-14132" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:10:23.332000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-14132" }, { "db": "NVD", "id": "CVE-2005-2923" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities" }, { "trust": 1.7, 
"url": "http://www.securityfocus.com/bid/15753" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015318" }, { "trust": 1.7, "url": "http://secunia.com/advisories/17863" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2005/2782" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2005/2782" }, { "trust": 0.3, "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities\u0026id=347" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.2, "url": "http://www.ipswitch.com/support/ics/updates/ics202.asp" }, { "trust": 0.2, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=347\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2923" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/collaboration/index.html" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://labs.idefense.com" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3048/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/17863/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/5167/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14132" }, { "db": "BID", "id": "15753" }, { "db": "PACKETSTORM", "id": "42191" }, { "db": 
"PACKETSTORM", "id": "42134" }, { "db": "CNNVD", "id": "CNNVD-200512-106" }, { "db": "NVD", "id": "CVE-2005-2923" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-14132" }, { "db": "BID", "id": "15753" }, { "db": "PACKETSTORM", "id": "42191" }, { "db": "PACKETSTORM", "id": "42134" }, { "db": "CNNVD", "id": "CNNVD-200512-106" }, { "db": "NVD", "id": "CVE-2005-2923" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-12-07T00:00:00", "db": "VULHUB", "id": "VHN-14132" }, { "date": "2005-12-06T00:00:00", "db": "BID", "id": "15753" }, { "date": "2005-12-09T16:47:24", "db": "PACKETSTORM", "id": "42191" }, { "date": "2005-12-07T17:36:35", "db": "PACKETSTORM", "id": "42134" }, { "date": "2005-12-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-106" }, { "date": "2005-12-07T01:03:00", "db": "NVD", "id": "CVE-2005-2923" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-14132" }, { "date": "2009-07-12T17:56:00", "db": "BID", "id": "15753" }, { "date": "2005-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-106" }, { "date": "2024-11-21T00:00:43.790000", "db": "NVD", "id": "CVE-2005-2923" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "42191" }, { "db": "CNNVD", "id": "CNNVD-200512-106" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail IMAP LIST Command Remote Denial of Service Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-106" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-106" } ], "trust": 0.6 } }
var-200512-0832
Vulnerability from variot
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system.
TITLE: Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability
SECUNIA ADVISORY ID: SA19168
VERIFY ADVISORY: http://secunia.com/advisories/19168/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/
DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service). This can be exploited to cause a buffer overflow, which crashes the server.
Ipswitch Collaboration Suite 2006 Premium Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe
Ipswitch Collaboration Suite 2006 Standard Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe
IMail Secure Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe
IMail Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe
PROVIDED AND/OR DISCOVERED BY: The vendor credits 3Com's Zero Day Initiative.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.ipswitch.com/support/ics/updates/ics200603stan.asp http://www.ipswitch.com/support/imail/releases/imsec200603.asp http://www.ipswitch.com/support/imail/releases/im200603.asp
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-003.html
March 13, 2006
-- CVE ID: CVE-2005-3526
-- Affected Vendor: Ipswitch
-- Affected Products: Ipswitch Collaboration Suite 2006.02 and below
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3982.
-- Vendor Response:
From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:
"IMAP: Corrected a vulnerability issue where a properly crafted Fetch command causes IMAP to crash with a buffer overflow (disclosed by TippingPoint, a division of 3Com)."
-- Disclosure Timeline:
2005.12.13 - Vulnerability reported to vendor
2005.12.13 - Digital Vaccine released to TippingPoint customers
2006.03.13 - Public release of advisory
-- Credit: This vulnerability was discovered by Manuel Santamarina Suarez aka 'FistFuXXer'.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006.02_standard" }, { "_id": null, "model": "collaboration suite", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006.02_premium" }, { "_id": null, "model": "imail", "scope": null, "trust": 0.7, "vendor": "ipswitch", "version": null }, { "_id": null, "model": "collaboration suite standard edition", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "collaboration suite premium edition", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "imail server", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "imail secure server", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "2006" }, { "_id": null, "model": "collaboration suite standard edition", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.03" }, { "_id": null, "model": "collaboration suite premium edition", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.03" }, { "_id": null, "model": "imail server", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.03" }, { "_id": null, "model": "imail secure server", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "2006.03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-06-003" }, { "db": "BID", "id": "17063" }, { "db": "CNNVD", "id": "CNNVD-200512-666" }, { "db": "NVD", "id": "CVE-2005-3526" } ] }, "credits": { "_id": null, "data": "Manuel Santamarina Suarez", "sources": [ { "db": "ZDI", "id": "ZDI-06-003" } ], "trust": 0.7 }, "cve": "CVE-2005-3526", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, 
"confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2005-3526", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-14735", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-3526", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200512-666", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-14735", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-14735" }, { "db": "CNNVD", "id": "CNNVD-200512-666" }, { "db": "NVD", "id": "CVE-2005-3526" } ] }, "description": { "_id": null, "data": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. \nThe vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. \nThis may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. 
\n\nTITLE:\nIpswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability\n\nSECUNIA ADVISORY ID:\nSA19168\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19168/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\n\nDESCRIPTION:\nA vulnerability has been reported in Ipswitch IMail\nServer/Collaboration Suite, which can be exploited by malicious users\nto cause a DoS (Denial of Service). This can be exploited to cause a\nbuffer overflow, which crashes the server. \n\nIpswitch Collaboration Suite 2006 Premium Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe\n\nIpswitch Collaboration Suite 2006 Standard Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe\n\nIMail Secure Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe\n\nIMail Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits 3Com\u0027s Zero Day Initiative. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics200603prem.asp\nhttp://www.ipswitch.com/support/ics/updates/ics200603stan.asp\nhttp://www.ipswitch.com/support/imail/releases/imsec200603.asp\nhttp://www.ipswitch.com/support/imail/releases/im200603.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. 
\nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-003.html\nMarch 13, 2006\n\n-- CVE ID:\nCVE-2005-3526\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nIpswitch Collaboration Suite 2006.02 and below\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since December 13, 2005 by Digital Vaccine protection\nfilter ID 3982. \n\n-- Vendor Response:\n\u003e\u003eFrom http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:\n\n\"IMAP: Corrected a vulnerability issue where a properly crafted Fetch\ncommand causes IMAP to crash with a buffer overflow (disclosed by\nTippingPoint, a division of 3Com).\" \n\n-- Disclosure Timeline:\n2005.12.13 - Vulnerability reported to vendor\n2005.12.13 - Digital Vaccine released to TippingPoint customers\n2006.03.13 - Public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Manuel Santamarina Suarez aka \n\u0027FistFuXXer\u0027. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. 
\n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2005-3526" }, { "db": "ZDI", "id": "ZDI-06-003" }, { "db": "BID", "id": "17063" }, { "db": "VULHUB", "id": "VHN-14735" }, { "db": "PACKETSTORM", "id": "44545" }, { "db": "PACKETSTORM", "id": "44619" } ], "trust": 2.07 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2005-3526", "trust": 2.7 }, { "db": "ZDI", "id": "ZDI-06-003", "trust": 2.5 }, { "db": "BID", "id": "17063", "trust": 2.0 }, { "db": "SECUNIA", "id": "19168", "trust": 1.8 }, { "db": "SREASON", "id": "577", "trust": 1.7 }, { "db": "SECTRACK", "id": "1015759", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-0907", "trust": 1.7 }, { "db": "OSVDB", "id": "23796", "trust": 1.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-009", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-200512-666", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20060313 ZDI-06-003: IPSWITCH COLLABORATION SUITE CODE EXECUTION VULNERABILITY", "trust": 0.6 }, { "db": "NSFOCUS", "id": "8565", "trust": 0.6 }, { "db": "XF", "id": "25133", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-14735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "44545", "trust": 0.1 }, { "db": 
"PACKETSTORM", "id": "44619", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-06-003" }, { "db": "VULHUB", "id": "VHN-14735" }, { "db": "BID", "id": "17063" }, { "db": "PACKETSTORM", "id": "44545" }, { "db": "PACKETSTORM", "id": "44619" }, { "db": "CNNVD", "id": "CNNVD-200512-666" }, { "db": "NVD", "id": "CVE-2005-3526" } ] }, "id": "VAR-200512-0832", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-14735" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:20:09.146000Z", "patch": { "_id": null, "data": [ { "title": "Ipswitch has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp" } ], "sources": [ { "db": "ZDI", "id": "ZDI-06-003" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-3526" } ] }, "references": { "_id": null, "data": [ { "trust": 2.5, "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp" }, { "trust": 1.8, "url": "http://www.zerodayinitiative.com/advisories/zdi-06-003.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/17063" }, { "trust": 1.7, "url": "http://www.osvdb.org/23796" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015759" }, { "trust": 1.7, "url": "http://secunia.com/advisories/19168" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/577" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/0907" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/25133" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/0907" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/427536/100/0/threaded" }, { "trust": 0.6, "url": 
"http://www.nsfocus.net/vulndb/8565" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/8652/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/im200603.asp" }, { "trust": 0.1, "url": "http://secunia.com/product/8653/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/ics/updates/ics200603stan.asp" }, { "trust": 0.1, "url": "http://secunia.com/advisories/19168/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imsec200603.asp" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/8651/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.tippingpoint.com" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:" } ], "sources": [ { "db": "ZDI", "id": "ZDI-06-003" }, { "db": "VULHUB", "id": "VHN-14735" }, { "db": "PACKETSTORM", "id": "44545" }, { "db": "PACKETSTORM", "id": "44619" }, { "db": "CNNVD", "id": "CNNVD-200512-666" }, { "db": "NVD", "id": "CVE-2005-3526" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-06-003", "ident": null }, { "db": "VULHUB", "id": "VHN-14735", "ident": null }, { "db": "BID", "id": "17063", "ident": null }, { "db": "PACKETSTORM", "id": "44545", "ident": null }, { "db": "PACKETSTORM", "id": "44619", "ident": null }, { "db": "CNNVD", "id": "CNNVD-200512-666", "ident": null }, { "db": "NVD", "id": "CVE-2005-3526", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2006-03-13T00:00:00", "db": "ZDI", "id": "ZDI-06-003", "ident": null }, { "date": "2005-12-31T00:00:00", "db": 
"VULHUB", "id": "VHN-14735", "ident": null }, { "date": "2006-03-10T00:00:00", "db": "BID", "id": "17063", "ident": null }, { "date": "2006-03-11T02:24:56", "db": "PACKETSTORM", "id": "44545", "ident": null }, { "date": "2006-03-13T21:51:14", "db": "PACKETSTORM", "id": "44619", "ident": null }, { "date": "2005-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-666", "ident": null }, { "date": "2005-12-31T05:00:00", "db": "NVD", "id": "CVE-2005-3526", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-04-17T00:00:00", "db": "ZDI", "id": "ZDI-06-003", "ident": null }, { "date": "2018-10-19T00:00:00", "db": "VULHUB", "id": "VHN-14735", "ident": null }, { "date": "2007-02-20T15:56:00", "db": "BID", "id": "17063", "ident": null }, { "date": "2006-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-666", "ident": null }, { "date": "2024-11-21T00:02:06.580000", "db": "NVD", "id": "CVE-2005-3526", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-666" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Ipswitch Collaboration Suite Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-06-003" } ], "trust": 0.7 }, "type": { "_id": null, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-666" } ], "trust": 0.6 } }
var-200505-1220
Vulnerability from variot
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtain potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. (This description is aggregated from several sources; the crash-only assessment in the two preceding sentences conflicts with the arbitrary-code-execution impact stated in the first sentence and in the iDEFENSE advisory below, so patching should be prioritised on the more severe reading.)
Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=244&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II.
The vulnerability specifically exists in the handling of a long mailbox name to the STATUS command. A long mailbox name argument will cause a stack-based buffer overflow, providing the attacker with full control over the saved return address on the stack. Once this has been achieved, execution of arbitrary code becomes trivial. As this vulnerability is in the STATUS command, which requires that a session is authenticated, valid credentials are required.
III. Valid credentials are required for exploitation, which lessens the impact of this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail version 8.13. It is suspected that earlier versions are also vulnerable.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1256 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/25/2005 Initial vendor notification
05/10/2005 Initial vendor response
05/24/2005 Public disclosure
IX. CREDIT
iDEFENSE Labs is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1220", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.13" }, { "model": "collaboration suite", "scope": "eq", "trust": 1.0, "vendor": "ipswitch", "version": "*" }, { "model": "imail server", "scope": "lte", "trust": 1.0, "vendor": 
"ipswitch", "version": "8.2_hotfix_2" }, { "model": "collaboration suite", "scope": null, "trust": 0.6, "vendor": "ipswitch", "version": null }, { "model": "imail server", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "8.2_hotfix_2" }, { "model": "imail hotfix", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.151" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.14" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", 
"version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail hotfix", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.22" } ], "sources": [ { "db": "BID", "id": "13727" }, { "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "db": "NVD", "id": "CVE-2005-1256" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sebastian Apelt", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1201" } ], "trust": 0.6 }, "cve": "CVE-2005-1256", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2005-1256", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-12465", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-1256", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200505-1201", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-12465", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-12465" }, { "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "db": "NVD", "id": "CVE-2005-1256" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated 
users to execute arbitrary code via a STATUS command with a long mailbox name. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. \n\nThe vulnerability specifically exists in the handling of a long mailbox \nname to the STATUS command. A long mailbox name argument will cause a \nstack based buffer overflow, providing the attacker with full control \nover the saved return address on the stack. Once this has been achieved,\n\nexecution of arbitrary code becomes trivial. As this vulnerability is in\n\nthe STATUS command, which requires that a session is authenticated, \nvalid credentials are required. \n\nIII. Valid credentials are required for \nexploitation, which lessens the impact of this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch \nIMail version 8.13. It is suspected that earlier versions are also \nvulnerable. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\n\nthat only trusted users have accounts can mitigate the risk somwhat. 
As \na more effective workaround, consider limiting access to the IMAP server\n\nby filtering TCP port 143. If possible, consider disabling IMAP and \nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1256 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/25/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Public disclosure\n\nIX. CREDIT\n\niDEFENSE Labs is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. 
\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2005-1256" }, { "db": "BID", "id": "13727" }, { "db": "VULHUB", "id": "VHN-12465" }, { "db": "PACKETSTORM", "id": "39310" } ], "trust": 1.35 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-12465", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-12465" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2005-1256", "trust": 2.1 }, { "db": "BID", "id": "13727", "trust": 2.0 }, { "db": "SECTRACK", "id": "1014047", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200505-1201", "trust": 0.7 }, { "db": "IDEFENSE", "id": "20050524 IPSWITCH IMAIL IMAP STATUS REMOTE BUFFER OVERFLOW VULNERABILITY", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "39310", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-12465", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-12465" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39310" }, { "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "db": "NVD", "id": "CVE-2005-1256" } ] }, "id": "VAR-200505-1220", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-12465" } ], "trust": 0.01 }, 
"last_update_date": "2024-11-23T21:50:01.428000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-1256" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/13727" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1014047" }, { "trust": 1.7, "url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "/archive/1/400543" }, { "trust": 0.3, "url": "/archive/1/400542" }, { "trust": 0.3, "url": "/archive/1/400546" }, { "trust": 0.3, "url": "/archive/1/400541" }, { "trust": 0.3, "url": "/archive/1/400545" }, { "trust": 0.1, "url": "http://www.idefense.com/application/poi/display?id=244\u0026amp;type=vulnerabilities" }, { "trust": 0.1, "url": "http://www.idefense.com/poi/teams/vcp.jsp" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1256" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://labs.idefense.com" } ], "sources": [ { "db": "VULHUB", "id": 
"VHN-12465" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39310" }, { "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "db": "NVD", "id": "CVE-2005-1256" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-12465" }, { "db": "BID", "id": "13727" }, { "db": "PACKETSTORM", "id": "39310" }, { "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "db": "NVD", "id": "CVE-2005-1256" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-05-25T00:00:00", "db": "VULHUB", "id": "VHN-12465" }, { "date": "2005-05-24T00:00:00", "db": "BID", "id": "13727" }, { "date": "2005-08-14T20:29:45", "db": "PACKETSTORM", "id": "39310" }, { "date": "2005-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "date": "2005-05-25T04:00:00", "db": "NVD", "id": "CVE-2005-1256" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-11-15T00:00:00", "db": "VULHUB", "id": "VHN-12465" }, { "date": "2007-04-03T03:12:00", "db": "BID", "id": "13727" }, { "date": "2006-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200505-1201" }, { "date": "2024-11-20T23:56:56.890000", "db": "NVD", "id": "CVE-2005-1256" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "39310" }, { "db": "CNNVD", "id": "CNNVD-200505-1201" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail IMAP SELECT 
Command denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1201" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200505-1201" } ], "trust": 0.6 } }
var-200112-0166
Vulnerability from variot
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. IMail also includes support for multiple domains and web-based administration. It runs on Microsoft Windows platforms. The vulnerability lies in how this web administration tool checks an administrator's rights: any valid administrator account may make changes to any domain on the server, not only its own. IPSwitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. User aliases and mailing lists for …
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200112-0166", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"7.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.1" } ], "sources": [ { "db": "BID", "id": "3766" }, { "db": "CNNVD", "id": "CNNVD-200112-158" }, { "db": "NVD", "id": "CVE-2001-1211" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zeeshan Mustafa\u203b security@zeeshan.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-200112-158" } ], "trust": 0.6 }, "cve": "CVE-2001-1211", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1211", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4016", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1211", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200112-158", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-4016", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4016" }, { "db": "CNNVD", "id": "CNNVD-200112-158" }, { "db": "NVD", "id": "CVE-2001-1211" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. IMail also includes support for multiple domains, and web based administration. It runs on Microsoft Windows platforms. \nThere is a vulnerability with the authentication process for this web administration tool. Any valid administrator account may make changes to any domain on the server. IPSwitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. 
User aliases and mailing lists for ", "sources": [ { "db": "NVD", "id": "CVE-2001-1211" }, { "db": "BID", "id": "3766" }, { "db": "VULHUB", "id": "VHN-4016" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "3766", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2001-1211", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200112-158", "trust": 0.7 }, { "db": "XF", "id": "7752", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20011231 IMAIL WEB SERVICE USER ALIASES / MAILING LISTS ADMIN VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4016", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4016" }, { "db": "BID", "id": "3766" }, { "db": "CNNVD", "id": "CNNVD-200112-158" }, { "db": "NVD", "id": "CVE-2001-1211" } ] }, "id": "VAR-200112-0166", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4016" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:13:30.835000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1211" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/3766" }, { "trust": 2.7, "url": "http://www.securityfocus.com/archive/1/247786" 
}, { "trust": 2.7, "url": "http://support.ipswitch.com/kb/im-20011219-dm01.htm" }, { "trust": 2.7, "url": "http://support.ipswitch.com/kb/im-20020301-dm02.htm" }, { "trust": 2.7, "url": "http://www.iss.net/security_center/static/7752.php" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4016" }, { "db": "BID", "id": "3766" }, { "db": "CNNVD", "id": "CNNVD-200112-158" }, { "db": "NVD", "id": "CVE-2001-1211" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4016" }, { "db": "BID", "id": "3766" }, { "db": "CNNVD", "id": "CNNVD-200112-158" }, { "db": "NVD", "id": "CVE-2001-1211" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-12-31T00:00:00", "db": "VULHUB", "id": "VHN-4016" }, { "date": "2001-12-31T00:00:00", "db": "BID", "id": "3766" }, { "date": "2001-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200112-158" }, { "date": "2001-12-31T05:00:00", "db": "NVD", "id": "CVE-2001-1211" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-05T00:00:00", "db": "VULHUB", "id": "VHN-4016" }, { "date": "2009-07-11T09:56:00", "db": "BID", "id": "3766" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200112-158" }, { "date": "2024-11-20T23:37:09.567000", "db": "NVD", "id": "CVE-2001-1211" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200112-158" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Domain Management Authority Boost Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200112-158" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access verification error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200112-158" } ], "trust": 0.6 } }
var-200210-0230
Vulnerability from variot
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. It has been reported that such a transaction with the service results in a crash of the iwebcal service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200210-0230", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": 
"7.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 0.3, "vendor": "ipswitch", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "5365" }, { "db": "CNNVD", "id": "CNNVD-200210-198" }, { "db": "NVD", "id": "CVE-2002-1077" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability discovery credited to \u003c2c79cbe14ac7d0b8472d3f129fa1df55@hush.com\u003e.", "sources": [ { "db": "BID", "id": "5365" }, { "db": "CNNVD", "id": "CNNVD-200210-198" } ], 
"trust": 0.9 }, "cve": "CVE-2002-1077", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2002-1077", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-5465", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2002-1077", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200210-198", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-5465", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-5465" }, { "db": "CNNVD", "id": "CNNVD-200210-198" }, { "db": "NVD", "id": "CVE-2002-1077" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. It has been reported that such a transaction with the service results in a crash of the iwebcal service", "sources": [ { "db": "NVD", "id": "CVE-2002-1077" }, { "db": "BID", "id": "5365" }, { "db": "VULHUB", "id": "VHN-5465" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-5465", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-5465" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "5365", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2002-1077", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200210-198", "trust": 0.7 }, { "db": "XF", "id": "9722", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20020730 IPSWITCH IMAIL ADVISORY #2", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "21673", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-75496", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-5465", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-5465" }, { "db": "BID", "id": "5365" }, { "db": "CNNVD", "id": "CNNVD-200210-198" }, { "db": "NVD", "id": "CVE-2002-1077" } ] }, "id": 
"VAR-200210-0230", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-5465" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:12:09.949000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-1077" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/5365" }, { "trust": 2.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html" }, { "trust": 2.7, "url": "http://www.iss.net/security_center/static/9722.php" }, { "trust": 0.3, "url": "http://www.ipswitch.com/support/imail/patch-upgrades.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-5465" }, { "db": "BID", "id": "5365" }, { "db": "CNNVD", "id": "CNNVD-200210-198" }, { "db": "NVD", "id": "CVE-2002-1077" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-5465" }, { "db": "BID", "id": "5365" }, { "db": "CNNVD", "id": "CNNVD-200210-198" }, { "db": "NVD", "id": "CVE-2002-1077" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-10-04T00:00:00", "db": "VULHUB", "id": "VHN-5465" }, { "date": "2002-07-30T00:00:00", "db": "BID", "id": "5365" }, { "date": "2002-10-04T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200210-198" }, { "date": "2002-10-04T04:00:00", "db": "NVD", "id": "CVE-2002-1077" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-05T00:00:00", "db": "VULHUB", "id": "VHN-5465" }, { "date": "2009-07-11T14:56:00", "db": "BID", "id": "5365" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200210-198" }, { "date": "2024-11-20T23:40:32.257000", "db": "NVD", "id": "CVE-2002-1077" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200210-198" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPSwitch IMail Web Calendar Incomplete Mail Service Rejection Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200210-198" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "5365" }, { "db": "CNNVD", "id": "CNNVD-200210-198" } ], "trust": 0.9 } }
var-200010-0032
Vulnerability from variot
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. IPSWITCH ships a product titled IMail, an email server for use on NT servers that serves clients their mail via a web interface. To this end the IMail server provides a web server, typically running on port 8383, for its end users to access. Via this interface users may read and send mail, as well as mail with file attachments. Certain versions of IMail do not perform proper access validation, however, so users are able to attach files resident on the server. The net result is that users may attach files on the server to which they should have no access. This access is limited to the privileges of the user the server runs as, typically SYSTEM. It should be noted that once a user attaches the files in question, the server deletes them.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200010-0032", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.2" 
}, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "1617" }, { "db": "CNNVD", "id": "CNNVD-200010-093" }, { "db": "NVD", "id": "CVE-2000-0780" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability was discovered and reported by Timescape \u003cvellad@kattare.com\u003e.\n\n This advisory was drafted with the help of the SecurityFocus.com Vulnerability Help Team. For more information or assistance drafting advisories please mail vulnhelp@securi", "sources": [ { "db": "BID", "id": "1617" } ], "trust": 0.3 }, "cve": "CVE-2000-0780", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2000-0780", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-2357", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2000-0780", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200010-093", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-2357", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-2357" }, { "db": "CNNVD", "id": "CNNVD-200010-093" }, { "db": "NVD", "id": "CVE-2000-0780" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. IPSWITCH ships a product titled IMail, an email server for usage on NT servers serving clients their mail via a web interface. To this end the IMail server provides a web server typically running on port 8383 for it\u0027s end users to access. Via this interface users may read and send mail, as well as mail with file attachments. Certain versions of IMail do not perform proper access validation however resulting in users being able to attach files resident on the server. The net result of this is users may attach files on the server to which they should have no access. This access is limited to the user privileges which the server is being run as, typically SYSTEM. 
\nIt should be noted that once a user attachs the files in question the server deletes them", "sources": [ { "db": "NVD", "id": "CVE-2000-0780" }, { "db": "BID", "id": "1617" }, { "db": "VULHUB", "id": "VHN-2357" } ], "trust": 1.26 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-2357", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-2357" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "1617", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2000-0780", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200010-093", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20000830 VULNERABILITY REPORT ON IPSWITCH\u0027S IMAIL", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "20182", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-74070", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-2357", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-2357" }, { "db": "BID", "id": "1617" }, { "db": "CNNVD", "id": "CNNVD-200010-093" }, { "db": "NVD", "id": "CVE-2000-0780" } ] }, "id": "VAR-200010-0032", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-2357" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:23:17.803000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2000-0780" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/1617" }, { "trust": 1.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.asp" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-2357" }, { "db": "BID", "id": "1617" }, { "db": "CNNVD", "id": "CNNVD-200010-093" }, { "db": "NVD", "id": "CVE-2000-0780" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-2357" }, { "db": "BID", "id": "1617" }, { "db": "CNNVD", "id": "CNNVD-200010-093" }, { "db": "NVD", "id": "CVE-2000-0780" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2000-10-20T00:00:00", "db": "VULHUB", "id": "VHN-2357" }, { "date": "2000-08-30T00:00:00", "db": "BID", "id": "1617" }, { "date": "2000-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200010-093" }, { "date": "2000-10-20T04:00:00", "db": "NVD", "id": "CVE-2000-0780" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-18T00:00:00", "db": "VULHUB", "id": 
"VHN-2357" }, { "date": "2000-08-30T00:00:00", "db": "BID", "id": "1617" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200010-093" }, { "date": "2016-10-18T02:07:29.647000", "db": "NVD", "id": "CVE-2000-0780" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200010-093" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPSWITCH IMail web Server vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200010-093" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": "CNNVD-200010-093" } ], "trust": 0.6 } }
var-200412-0389
Vulnerability from variot
Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content.". It is reported that IMail is susceptible to multiple buffer overflow denial of service vulnerabilities. It is conjectured that it may be possible for an attacker to execute arbitrary code in the context of the affected server application. Versions of the application prior to 8.13 are reported affected by these vulnerabilities. TITLE: IMail Multiple Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA12453
VERIFY ADVISORY: http://secunia.com/advisories/12453/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: IMail Server 8.x http://secunia.com/product/3048/
DESCRIPTION: Various vulnerabilities have been reported in IMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
1) An unspecified error within the Queue Manager can be exploited to cause a crash via an overly long sender field.
3) An unspecified error within the Web Messaging can potentially be exploited to cause a crash via an overly long "To:" line.
SOLUTION: Apply IMail Server 8.13 patch. http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://support.ipswitch.com/kb/IM-20040902-DM01.htm
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0389", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "8.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.12" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.1" }, { "model": "imail", 
"scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "7.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "8.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.4" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.3" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.2" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0.1" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "6.0" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", 
"version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.3, "vendor": "ipswitch", "version": "5.0" }, { "model": "imail", "scope": "ne", "trust": 0.3, "vendor": "ipswitch", "version": "8.13" } ], "sources": [ { "db": "BID", "id": "11106" }, { "db": "CNNVD", "id": "CNNVD-200412-160" }, { "db": "NVD", "id": "CVE-2004-2423" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-160" } ], "trust": 0.6 }, "cve": "CVE-2004-2423", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2004-2423", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-10851", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-2423", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200412-160", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-10851", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-10851" }, { "db": "CNNVD", "id": "CNNVD-200412-160" }, { "db": "NVD", "id": "CVE-2004-2423" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via \"specific content.\". It is reported that IMail is susceptible to multiple buffer overflow denial of service vulnerabilities. It is conjectured that it may be possible for an attacker to execute arbitrary code in the context of the affected server application. \nVersions of the application prior to 8.13 are reported affected by these vulnerabilities. \nTITLE:\nIMail Multiple Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA12453\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/12453/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Server 8.x\nhttp://secunia.com/product/3048/\n\nDESCRIPTION:\nVarious vulnerabilities have been reported in IMail, which\npotentially can be exploited by malicious people to cause a DoS\n(Denial of Service). 
\n\n1) An unspecified error within the Queue Manager can be exploited to\ncause a crash via an overly long sender field. \n\n3) An unspecified error within the Web Messaging can potentially be\nexploited to cause a crash via an overly long \"To:\" line. \n\nSOLUTION:\nApply IMail Server 8.13 patch. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im813.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://support.ipswitch.com/kb/IM-20040902-DM01.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n", "sources": [ { "db": "NVD", "id": "CVE-2004-2423" }, { "db": "BID", "id": "11106" }, { "db": "VULHUB", "id": "VHN-10851" }, { "db": "PACKETSTORM", "id": "34264" } ], "trust": 1.35 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "11106", "trust": 2.0 }, { "db": "SECUNIA", "id": "12453", "trust": 1.8 }, { "db": "OSVDB", "id": "9553", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2004-2423", "trust": 1.7 }, { "db": "SECTRACK", "id": "1011146", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200412-160", "trust": 0.7 }, { "db": "XF", "id": "17220", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-10851", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "34264", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-10851" }, { "db": "BID", "id": "11106" }, { "db": "PACKETSTORM", "id": "34264" }, { "db": "CNNVD", "id": "CNNVD-200412-160" }, { "db": "NVD", "id": "CVE-2004-2423" } ] }, "id": "VAR-200412-0389", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-10851" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:47:15.312000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": 
"NVD", "id": "CVE-2004-2423" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/11106" }, { "trust": 1.7, "url": "http://support.ipswitch.com/kb/im-20040902-dm01.htm#fixes" }, { "trust": 1.7, "url": "http://www.osvdb.org/9553" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1011146" }, { "trust": 1.7, "url": "http://secunia.com/advisories/12453" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17220" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/17220" }, { "trust": 0.4, "url": "http://support.ipswitch.com/kb/im-20040902-dm01.htm" }, { "trust": 0.3, "url": "http://www.ipswitch.com/support/imail/patch-upgrades.html" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/3048/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/12453/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-10851" }, { "db": "BID", "id": "11106" }, { "db": "PACKETSTORM", "id": "34264" }, { "db": "CNNVD", "id": "CNNVD-200412-160" }, { "db": "NVD", "id": "CVE-2004-2423" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-10851" }, { "db": "BID", "id": "11106" }, { "db": "PACKETSTORM", "id": "34264" }, { "db": "CNNVD", "id": "CNNVD-200412-160" }, { 
"db": "NVD", "id": "CVE-2004-2423" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-12-31T00:00:00", "db": "VULHUB", "id": "VHN-10851" }, { "date": "2004-09-03T00:00:00", "db": "BID", "id": "11106" }, { "date": "2004-09-09T06:47:23", "db": "PACKETSTORM", "id": "34264" }, { "date": "2004-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-160" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-2423" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-11T00:00:00", "db": "VULHUB", "id": "VHN-10851" }, { "date": "2004-09-03T00:00:00", "db": "BID", "id": "11106" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-160" }, { "date": "2024-11-20T23:53:19.157000", "db": "NVD", "id": "CVE-2004-2423" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-160" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server Multiple Buffer Overflow Service Rejection Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-160" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "11106" }, { "db": "CNNVD", "id": "CNNVD-200412-160" } ], "trust": 0.9 } }
var-199903-0051
Vulnerability from variot
IMail POP3 daemon uses weak encryption, which allows local users to read files. IMail is prone to a local security vulnerability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199903-0051", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "2006" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-024" }, { "db": "NVD", "id": "CVE-2000-0019" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "88240" } ], "trust": 0.3 }, "cve": "CVE-2000-0019", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2000-0019", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-1598", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2000-0019", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-199903-024", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-1598", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": 
"CVE-2000-0019", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1598" }, { "db": "VULMON", "id": "CVE-2000-0019" }, { "db": "CNNVD", "id": "CNNVD-199903-024" }, { "db": "NVD", "id": "CVE-2000-0019" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail POP3 daemon uses weak encryption, which allows local users to read files. IMail is prone to a local security vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2000-0019" }, { "db": "BID", "id": "88240" }, { "db": "VULHUB", "id": "VHN-1598" }, { "db": "VULMON", "id": "CVE-2000-0019" } ], "trust": 1.35 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2000-0019", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-199903-024", "trust": 0.7 }, { "db": "BID", "id": "88240", "trust": 0.5 }, { "db": "VULHUB", "id": "VHN-1598", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2000-0019", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1598" }, { "db": "VULMON", "id": "CVE-2000-0019" }, { "db": "BID", "id": "88240" }, { "db": "CNNVD", "id": "CNNVD-199903-024" }, { "db": "NVD", "id": "CVE-2000-0019" } ] }, "id": "VAR-199903-0051", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1598" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:00:12.119000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2000-0019" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-2000-0019" }, { "trust": 0.1, "url": "" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2000-0019" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/88240" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1598" }, { "db": "VULMON", "id": "CVE-2000-0019" }, { "db": "CNNVD", "id": "CNNVD-199903-024" }, { "db": "NVD", "id": "CVE-2000-0019" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1598" }, { "db": "VULMON", "id": "CVE-2000-0019" }, { "db": "BID", "id": "88240" }, { "db": "CNNVD", "id": "CNNVD-199903-024" }, { "db": "NVD", "id": "CVE-2000-0019" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-03-04T00:00:00", "db": "VULHUB", "id": "VHN-1598" }, { "date": "1999-03-04T00:00:00", "db": "VULMON", "id": "CVE-2000-0019" }, { "date": "1999-03-04T00:00:00", "db": "BID", "id": "88240" }, { "date": "1999-03-04T00:00:00", "db": "CNNVD", "id": "CNNVD-199903-024" }, { "date": "1999-03-04T05:00:00", "db": "NVD", "id": "CVE-2000-0019" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-10T00:00:00", "db": 
"VULHUB", "id": "VHN-1598" }, { "date": "2022-08-17T00:00:00", "db": "VULMON", "id": "CVE-2000-0019" }, { "date": "1999-03-04T00:00:00", "db": "BID", "id": "88240" }, { "date": "2022-08-18T00:00:00", "db": "CNNVD", "id": "CNNVD-199903-024" }, { "date": "2024-11-20T23:31:32.363000", "db": "NVD", "id": "CVE-2000-0019" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "88240" }, { "db": "CNNVD", "id": "CNNVD-199903-024" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IMail POP3 daemon Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-024" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-199903-024" } ], "trust": 0.6 } }
var-200004-0055
Vulnerability from variot
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Because of the way IMail implements its authentication scheme, the server can be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail cannot authenticate any other users, because it can authorize only one user at a time. Once the client's connection times out, IMail regains normal functionality; otherwise the service has to be restarted.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200004-0055", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.2" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.1" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "6.0" 
}, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.8" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.7" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.6" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0.5" }, { "model": "imail", "scope": "eq", "trust": 1.9, "vendor": "ipswitch", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "1094" }, { "db": "CNNVD", "id": "CNNVD-200004-008" }, { "db": "NVD", "id": "CVE-2000-0301" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Posted to Bugtraq on April 5, 2000 by Anthony Santen \u003canthony@santen.net\u003e.", "sources": [ { "db": "BID", "id": "1094" } ], "trust": 0.3 }, "cve": "CVE-2000-0301", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2000-0301", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-1880", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2000-0301", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200004-008", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-1880", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-1880" }, { "db": "CNNVD", "id": "CNNVD-200004-008" }, { "db": "NVD", "id": "CVE-2000-0301" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Due to the implementation of IMail\u0027s authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time. \nOnce the client times out the connection, IMail will regain normal functionality. 
Otherwise the service will have to be restarted", "sources": [ { "db": "NVD", "id": "CVE-2000-0301" }, { "db": "BID", "id": "1094" }, { "db": "VULHUB", "id": "VHN-1880" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "1094", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2000-0301", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200004-008", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20000405 RE: IMAIL (IPSWITCH) DOS WITH EUDORA (QUALCOMM)", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-1880", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-1880" }, { "db": "BID", "id": "1094" }, { "db": "CNNVD", "id": "CNNVD-200004-008" }, { "db": "NVD", "id": "CVE-2000-0301" } ] }, "id": "VAR-200004-0055", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-1880" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T23:00:47.174000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2000-0301" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://support.ipswitch.com/kb/im-20000208-dm02.htm" }, { "trust": 2.7, "url": "http://www.securityfocus.com/bid/1094" }, { "trust": 2.1, "url": 
"http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "trust": 0.3, "url": "http://www.ipswitch.com/products/imail_server/index.html" }, { "trust": 0.1, "url": "" } ], "sources": [ { "db": "VULHUB", "id": "VHN-1880" }, { "db": "BID", "id": "1094" }, { "db": "CNNVD", "id": "CNNVD-200004-008" }, { "db": "NVD", "id": "CVE-2000-0301" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-1880" }, { "db": "BID", "id": "1094" }, { "db": "CNNVD", "id": "CNNVD-200004-008" }, { "db": "NVD", "id": "CVE-2000-0301" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2000-04-06T00:00:00", "db": "VULHUB", "id": "VHN-1880" }, { "date": "2000-04-06T00:00:00", "db": "BID", "id": "1094" }, { "date": "2000-04-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200004-008" }, { "date": "2000-04-06T04:00:00", "db": "NVD", "id": "CVE-2000-0301" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-18T00:00:00", "db": "VULHUB", "id": "VHN-1880" }, { "date": "2000-04-06T00:00:00", "db": "BID", "id": "1094" }, { "date": "2010-12-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200004-008" }, { "date": "2024-11-20T23:32:11.327000", "db": "NVD", "id": "CVE-2000-0301" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200004-008" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMAIL server Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200004-008" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": "CNNVD-200004-008" } ], "trust": 0.6 } }
var-200102-0075
Vulnerability from variot
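IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. There is a vulnerability in IPSwitch IMail version 6.0.5.

Note: only the IMail sentences above describe the issue this entry tracks (CVE-2001-0039 in the record below). The AIX setclock sentence and the advisory text that follows (an Internet Explorer advisory, CVE-2006-1189) concern other products and appear to have been merged into this record during aggregation, so they should not be used when assessing IMail exposure.

Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability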
By Sowhat of Nevis Labs
Date: 2006.04.11

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
CVE: CVE-2006-1189
Vendor Microsoft Inc.
Products affected:
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and Microsoft Windows XP Service Pack 1
- Internet Explorer 6 for Microsoft Windows XP Service Pack 2
- Internet Explorer 6 for Microsoft Windows Server 2003
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft Windows Millennium Edition
This vulnerability affects systems that use Double-Byte Character Sets. Systems that are affected are Windows language versions that use a Double Byte Character Set language. Examples of languages that use DBCS are Chinese, Japanese, and Korean languages. Customers using other language versions of Windows might also be affected if "Language for non-Unicode programs" has been set to a Double Byte Character Set language.
Overview:
There exists a buffer overflow in Microsoft Internet Explorer in the parsing of DBCS URLs.
This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.
This attack may be utilized wherever IE parses HTML, such as webpages, email, newsgroups, and within applications utilizing web-browsing functionality.
Details:
URLMON.DLL does not properly validate IDN containing double-byte character sets (DBCS), which may lead to remote code execution.
Exploiting this vulnerability seems to need a lot more work, but we believe that exploitation is possible.
POC:
No PoC will be released for this.
FIX:
Microsoft has released an update for Internet Explorer which is set to address this issue. This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
Vendor Response:
2005.12.29 Vendor notified via secure@microsoft.com
2005.12.29 Vendor responded
2006.04.11 Vendor released MS06-0xx patch
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CVE-2006-1189
Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys, all XFocus and 0x557 guys :)
References:
- http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
- http://www.nsfocus.com/english/homepage/research/0008.htm
- http://xforce.iss.net/xforce/xfdb/5729
- http://www.securityfocus.com/bid/2100/discuss
- http://www.inter-locale.com/whitepaper/IUC27-a303.html
- http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx
- [Mozilla Firefox IDN "Host:" Buffer Overflow] http://www.security-protocols.com/advisory/sp-x17-advisory.txt
- [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow] http://www.security-protocols.com/advisory/sp-x18-advisory.txt
- http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com/research/devnotes/1995/may/02/05.htm
-- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200102-0075", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "ibm", "version": null }, { "model": "imail", "scope": "eq", "trust": 1.6, "vendor": "ipswitch", "version": "6.0.5" } ], "sources": [ { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, 
{ "db": "CERT/CC", "id": "VU#886953" }, { "db": "CNNVD", "id": "CNNVD-200102-106" }, { "db": "NVD", "id": "CVE-2001-0039" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sowhat", "sources": [ { "db": "PACKETSTORM", "id": "45442" } ], "trust": 0.1 }, "cve": "CVE-2001-0039", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2001-0039", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-2861", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-0039", "trust": 1.0, "value": "MEDIUM" }, 
{ "author": "CARNEGIE MELLON", "id": "VU#739201", "trust": 0.8, "value": "7.09" }, { "author": "CARNEGIE MELLON", "id": "VU#808633", "trust": 0.8, "value": "5.36" }, { "author": "CARNEGIE MELLON", "id": "VU#872257", "trust": 0.8, "value": "7.09" }, { "author": "CARNEGIE MELLON", "id": "VU#886953", "trust": 0.8, "value": "15.19" }, { "author": "CNNVD", "id": "CNNVD-200102-106", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-2861", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2861" }, { "db": "CNNVD", "id": "CNNVD-200102-106" }, { "db": "NVD", "id": "CVE-2001-0039" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. There is a vulnerability in IPSwitch IMail version 6.0.5. Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability\n\nBy Sowhat of Nevis Labs\nDate: 2006.04.11\n\nhttp://www.nevisnetworks.com\nhttp://secway.org/advisory/AD20060411.txt\nhttp://www.microsoft.com/technet/security/bulletin/MS06-013.mspx\n\n\nCVE: CVE-2006-1189\n\nVendor\nMicrosoft Inc. 
\n\nProducts affected:\n\nInternet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4\n\tand Microsoft Windows XP Service Pack 1\nInternet Explorer 6 for Microsoft Windows XP Service Pack 2\nInternet Explorer 6 for Microsoft Windows Server 2003\nInternet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft\n\tWindows 98 SE, and Microsoft Windows Millennium Edition\n\n\n\nThis vulnerability affects systems that use Double-Byte Character Sets. \nSystems that are affected are Windows language versions that use a\nDouble Byte Character Set language. Examples of languages that use DBCS\nare Chinese, Japanese, and Korean languages. Customers using\nother language versions of Windows might also be affected if \"Language\nfor non-Unicode programs\" has been set to a Double Byte Character Set\nlanguage. \n\n\nOverview:\n\nThere exists a buffer overflow in Microsoft Internet Explorer in the\nparsing of DBCS URLS. \n\nThis vulnerability could allow an attacker to execute arbitrary code on the\nvictim\u0027s system when the victim visits a web page or views an HTML email\nmessage. \n\nThis attack may be utilized wherever IE parses HTML, such as webpages, email,\nnewsgroups, and within applications utilizing web-browsing functionality. \n\n\nDetails:\n\nURLMON.DLL does not properly validate IDN containing double-byte character\nsets (DBCS), which may lead to remote code execution. \n\nExploiting this vulnerability seems to need a lot of more work but we\nbelieve that\nexploitation is possible. \n\n\nPOC:\n\nNo PoC will be released for this. \n\n\nFIX:\n\nMicrosoft has released an update for Internet Explorer which is\nset to address this issue. 
This can be downloaded from:\n\nhttp://www.microsoft.com/technet/security/bulletin/MS06-013.mspx\n\n\nVendor Response:\n\n2005.12.29 Vendor notified via secure@microsoft.com\n2005.12.29 Vendor responded\n2006.04.11 Vendor released MS06-0xx patch\n2006.04.11 Advisory released\n\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\nthe following names to these issues. These are candidates for\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\nnames for security problems. \n\n\n CVE-2006-1189\n\n\nGreetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys,\n all XFocus and 0x557 guys :)\n\n\nReferences:\n\n1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx\n2. http://www.nsfocus.com/english/homepage/research/0008.htm\n3. http://xforce.iss.net/xforce/xfdb/5729\n4. http://www.securityfocus.com/bid/2100/discuss\n5. http://www.inter-locale.com/whitepaper/IUC27-a303.html\n6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx\n7. [Mozilla Firefox IDN \"Host:\" Buffer Overflow]\n http://www.security-protocols.com/advisory/sp-x17-advisory.txt\n8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow]\n http://www.security-protocols.com/advisory/sp-x18-advisory.txt\n9. 
http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com\n\t /research/devnotes/1995/may/02/05.htm\n\n\n\n\n\n\n\n--\nSowhat\nhttp://secway.org\n\"Life is like a bug, Do you know how to exploit it ?\"\n", "sources": [ { "db": "NVD", "id": "CVE-2001-0039" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2861" }, { "db": "PACKETSTORM", "id": "45442" } ], "trust": 3.96 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-0039", "trust": 1.7 }, { "db": "BID", "id": "2083", "trust": 1.7 }, { "db": "BID", "id": "2035", "trust": 0.8 }, { "db": "XF", "id": "5618", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#739201", "trust": 0.8 }, { "db": "BID", "id": "2033", "trust": 0.8 }, { "db": "XF", "id": "5620", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#808633", "trust": 0.8 }, { "db": "BID", "id": "2034", "trust": 0.8 }, { "db": "XF", "id": "5619", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#872257", "trust": 0.8 }, { "db": "BID", "id": "2032", "trust": 0.8 }, { "db": "XF", "id": "5621", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#886953", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200102-106", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20001206 DOS BY SMTP AUTH COMMAND IN IPSWITCH IMAIL SERVER", "trust": 0.6 }, { "db": "XF", "id": "5674", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-2861", "trust": 0.1 }, { "db": "XF", "id": "5729", "trust": 0.1 }, { "db": "BID", "id": "2100", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "45442", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": 
"VU#886953" }, { "db": "VULHUB", "id": "VHN-2861" }, { "db": "PACKETSTORM", "id": "45442" }, { "db": "CNNVD", "id": "CNNVD-200102-106" }, { "db": "NVD", "id": "CVE-2001-0039" } ] }, "id": "VAR-200102-0075", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-2861" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T21:27:13.092000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0039" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/2083" }, { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html" }, { "trust": 1.7, "url": "http://www.ipswitch.com/support/imail/news.html" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08143" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08287" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674" }, { "trust": 
0.8, "url": "http://www.securityfocus.com/bid/2035" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/5618.php" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy07831" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy07790" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2033" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/5620.php" }, { "trust": 0.8, "url": "http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2034" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/5619.php" }, { "trust": 0.8, "url": "http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2032" }, { "trust": 0.8, "url": "http://xforce.iss.net/static/5621.php" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy10721" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08812" }, { "trust": 0.8, "url": 
"http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit" }, { "trust": 0.6, "url": "http://xforce.iss.net/static/5674.php" }, { "trust": 0.1, "url": "http://www.inter-locale.com/whitepaper/iuc27-a303.html" }, { "trust": 0.1, "url": "http://xforce.iss.net/xforce/xfdb/5729" }, { "trust": 0.1, "url": "http://www.security-protocols.com/advisory/sp-x17-advisory.txt" }, { "trust": 0.1, "url": "http://www.nsfocus.com/english/homepage/research/0008.htm" }, { "trust": 0.1, "url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx" }, { "trust": 0.1, "url": "http://www.nevisnetworks.com" }, { "trust": 0.1, "url": "http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx" }, { "trust": 0.1, "url": "http://www.security-protocols.com/advisory/sp-x18-advisory.txt" }, { "trust": 0.1, "url": "http://secway.org" }, { "trust": 0.1, "url": "http://www.securityfocus.com/bid/2100/discuss" }, { "trust": 0.1, "url": "http://secway.org/advisory/ad20060411.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org)," }, { "trust": 0.1, "url": "http://72.14.203.104/search?q=cache:dxn-v4fil1ij:developer.novell.com" } ], "sources": [ { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2861" }, { "db": "PACKETSTORM", "id": "45442" }, { "db": "CNNVD", "id": "CNNVD-200102-106" }, { "db": "NVD", "id": "CVE-2001-0039" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2861" }, { "db": "PACKETSTORM", "id": "45442" }, { "db": "CNNVD", "id": "CNNVD-200102-106" }, { "db": "NVD", "id": "CVE-2001-0039" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#739201" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#808633" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#872257" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#886953" }, { "date": "2001-02-16T00:00:00", "db": "VULHUB", "id": "VHN-2861" }, { "date": "2006-04-14T01:00:47", "db": "PACKETSTORM", "id": "45442" }, { "date": "2001-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200102-106" }, { "date": "2001-02-16T05:00:00", "db": "NVD", "id": "CVE-2001-0039" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#739201" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#808633" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#872257" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#886953" }, { "date": "2017-10-10T00:00:00", "db": "VULHUB", "id": "VHN-2861" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200102-106" }, { "date": "2017-10-10T01:29:33.263000", "db": "NVD", "id": "CVE-2001-0039" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "45442" }, { "db": "CNNVD", "id": "CNNVD-200102-106" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM AIX setclock buffer overflow in remote timeserver argument", "sources": [ { "db": "CERT/CC", "id": "VU#739201" } ], "trust": 0.8 }, "type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-106" } ], "trust": 0.6 } }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 5.0 | |
ipswitch | imail | 5.0.5 | |
ipswitch | imail | 5.0.6 | |
ipswitch | imail | 5.0.7 | |
ipswitch | imail | 5.0.8 | |
ipswitch | imail | 6.0 | |
ipswitch | imail | 6.0.1 | |
ipswitch | imail | 6.0.2 | |
ipswitch | imail | 6.0.3 | |
ipswitch | imail | 6.0.4 | |
ipswitch | imail | 6.0.5 | |
ipswitch | imail | 6.0.6 | |
ipswitch | imail | 6.1 | |
ipswitch | imail | 6.2 | |
ipswitch | imail | 6.3 | |
ipswitch | imail | 6.4 | |
ipswitch | imail | 7.0.1 | |
ipswitch | imail | 7.0.2 | |
ipswitch | imail | 7.0.3 | |
ipswitch | imail | 7.0.4 | |
ipswitch | imail | 7.0.5 | |
ipswitch | imail | 7.0.6 | |
ipswitch | imail | 7.0.7 | |
ipswitch | imail | 7.1 | |
ipswitch | imail | 7.12 | |
ipswitch | imail | 8.0.3 | |
ipswitch | imail | 8.0.5 | |
ipswitch | imail | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DB3992E3-D0C8-4A48-B4E1-D31B0D79CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "65248233-61A3-4085-8808-6FC2FD87EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B37214DE-41E8-4DD4-AFBF-E608B88D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "58084475-62DE-482E-B34B-A09EBC190C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "838CCBFF-1CD5-4B9F-8EA3-97A097F7E69F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A50719E9-10F0-4FA4-9ADF-771D8995BCBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A965D10-F783-423B-BD70-AB11725D0172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1E2D897-B37B-43E1-96D9-9BF7A5AFC842", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4098FA6A-356C-4AA5-B948-AAD642354F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A7920844-DD87-47EF-B3CF-DA2DE04FC7F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "606E35DC-DF69-4A95-9116-111D3AF28EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C108EAB-1EDC-458C-A7F8-0B3599E66466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3138FF2C-2D8A-4270-9A55-85FCA3622DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F768F-1974-4612-BED3-A608CFCC019F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"785BD23E-DE6D-4ABA-AFDD-2FEA03E6DA73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via \"specific content.\"" } ], "id": "CVE-2004-2423", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12453" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1011146" }, { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/9553" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11106" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1011146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/9553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17220" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3138FF2C-2D8A-4270-9A55-85FCA3622DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F768F-1974-4612-BED3-A608CFCC019F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "785BD23E-DE6D-4ABA-AFDD-2FEA03E6DA73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.01:*:*:*:*:*:*:*", "matchCriteriaId": "2DD7A8A7-26C3-4D45-BD9C-7AAF1DC19677", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.11:*:*:*:*:*:*:*", "matchCriteriaId": "7CA687C5-0C95-4EE5-ABE8-856A90AD7197", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string \"MIME\" by itself on a line in the header, and a long Content-Transfer-Encoding header line." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en iaspam.dll en el servidor SMTP de Ipswitch IMail Server 8.01 hasta 8.11 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un conjunto de 4 mensajes de correo electr\u00f3nico diferentes con un par\u00e1metro boundary largo en una determinada l\u00ednea de cabecera Content-Type malformada, la cadena \"MIME\" por s\u00ed misma en una l\u00ednea en la cabecera, y una l\u00ednea larga de cabecera Content-Transfer-Encoding."
} ], "id": "CVE-2007-5094", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-26T22:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/39390" }, { "source": "cve@mitre.org", "url": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25762" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36723" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4438" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3138FF2C-2D8A-4270-9A55-85FCA3622DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F768F-1974-4612-BED3-A608CFCC019F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el demonio Lightweight Directory Access Protocol (LDAP) (iLDAP.exe 3.9.15.10) de Ipswitch IMail Server 8.03 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje LDAP con una longitud de etiqueta grande."
} ], "id": "CVE-2004-0297", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=74" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/972334" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/3984" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9682" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/972334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/3984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/9682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 5.0 | |
progress | ws_ftp_server | 1.0.1.e | |
progress | ws_ftp_server | 1.0.2.e |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*", "matchCriteriaId": "D9BE1954-74C5-4A91-9C9A-C0647F281017", "vulnerable": true }, { "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*", "matchCriteriaId": "3DE6789D-5DA5-489F-A900-F4788286ACE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920." } ], "id": "CVE-1999-1170", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-01-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/218" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1E2D897-B37B-43E1-96D9-9BF7A5AFC842", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4098FA6A-356C-4AA5-B948-AAD642354F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A7920844-DD87-47EF-B3CF-DA2DE04FC7F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "606E35DC-DF69-4A95-9116-111D3AF28EA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long 
HTTP GET request for HTTP/1.0." } ], "id": "CVE-2002-1076", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" }, { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm" }, { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9679.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://support.ipswitch.com/kb/IM-20020729-DM01.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9679.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5323" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DB3992E3-D0C8-4A48-B4E1-D31B0D79CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "65248233-61A3-4085-8808-6FC2FD87EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B37214DE-41E8-4DD4-AFBF-E608B88D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command." 
} ], "id": "CVE-2000-0301", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-04-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.ipswitch.com/kb/IM-20000208-DM02.htm" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.ipswitch.com/kb/IM-20000208-DM02.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1094" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack." 
} ], "id": "CVE-2000-0780", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1617" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information." } ], "id": "CVE-2001-1282", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3426" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." } ], "id": "CVE-2001-1287", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3431" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system." } ], "id": "CVE-2001-1280", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3424" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*", "matchCriteriaId": "81B286D0-4168-41FF-AC1F-4E65C3AD7DC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information." } ], "id": "CVE-2005-2160", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2005-07-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 8.12 | |
ipswitch | imail | 8.13 | |
ipswitch | imail_server | * | |
ipswitch | ipswitch_collaboration_suite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*", "matchCriteriaId": "2802265F-2CFD-4AB4-84BF-EAD5E0CA5366", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*", "matchCriteriaId": "443C3EE1-1C98-40F6-93DD-F60BD0C46C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8FF3313-6C45-44C5-B093-E865AB16BAB9", "versionEndIncluding": "8.2_hotfix_2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C28E243-026F-4252-9D80-4D69C50467D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character." 
} ], "id": "CVE-2005-1255", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-25T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014047" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13727" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5963AD0-507D-4290-96B7-F63240958C08", "versionEndIncluding": "2006.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:2006.1:*:*:*:*:*:*:*", "matchCriteriaId": "A64E19D5-12B3-4DE9-B282-9BA2F36294D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Ipswitch IMail en versiones anteriores a 2006.21 permiten a los atacantes remotos o usuarios autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) la caracter\u00edstica de autenticaci\u00f3n en IMailsec.dll, la cual lanza una corrupci\u00f3n del mont\u00edculo en IMail Server, o (2) un comando largo SUBSCRIBE IMAP, el cual lanza un desbordamiento de b\u00fafer basado en pila en el Daemon IMAP."
} ], "id": "CVE-2007-2795", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-27T23:30:00.187", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 2006 | |
ipswitch | imail_plus | 2006 | |
ipswitch | imail_premium | 2006 | |
ipswitch | ipswitch_collaboration_suite | 2006_standard |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*", "matchCriteriaId": "81B286D0-4168-41FF-AC1F-4E65C3AD7DC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*", "matchCriteriaId": "F0C6A165-8B6B-4D0F-B2F7-3A5CDA4BA072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail_premium:2006:*:*:*:*:*:*:*", "matchCriteriaId": "635D04E6-0347-4858-B8F4-AC7BD3565E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*", "matchCriteriaId": "95104B1C-0B67-43FF-A93C-9296707B3DA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en el control ActiveX IMAILAPILib (IMailAPI.dll) en Ipswitch IMail Server anterior a 2006.2 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de los miembros (1) WebConnect y (2) Connect en el control (a) IMailServer; miembros (3) Sync3 y (4) Init3 en el control (b) IMailLDAPService y el miembro (5) SetReplyTo en el control (c) IMailUserCollection."
} ], "evaluatorSolution": "Upgrade to version 2006.2.", "id": "CVE-2007-1637", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-23T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24422" }, { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017737" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0853" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } 
], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181." } ], "id": "CVE-1999-1046", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-03-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/504" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL." } ], "id": "CVE-1999-1551", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-03-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/505" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1898" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code." } ], "id": "CVE-2001-1283", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3427" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 8.13 | |
ipswitch | imail_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*", "matchCriteriaId": "443C3EE1-1C98-40F6-93DD-F60BD0C46C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8FF3313-6C45-44C5-B093-E865AB16BAB9", "versionEndIncluding": "8.2_hotfix_2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file." } ], "id": "CVE-2005-1252", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-25T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014047" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://securitytracker.com/id?1014047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13727" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 5.0 | |
ipswitch | imail | 5.0.5 | |
ipswitch | imail | 5.0.6 | |
ipswitch | imail | 5.0.7 | |
ipswitch | imail | 5.0.8 | |
ipswitch | imail | 6.0 | |
ipswitch | imail | 6.0.1 | |
ipswitch | imail | 6.0.2 | |
ipswitch | imail | 6.0.3 | |
ipswitch | imail | 6.0.4 | |
ipswitch | imail | 6.0.5 | |
ipswitch | imail | 6.0.6 | |
ipswitch | imail | 6.1 | |
ipswitch | imail | 6.2 | |
ipswitch | imail | 6.3 | |
ipswitch | imail | 6.4 | |
ipswitch | imail | 7.0.1 | |
ipswitch | imail | 7.0.2 | |
ipswitch | imail | 7.0.3 | |
ipswitch | imail | 7.0.4 | |
ipswitch | imail | 7.0.5 | |
ipswitch | imail | 7.0.6 | |
ipswitch | imail | 7.0.7 | |
ipswitch | imail | 7.1 | |
ipswitch | imail | 7.12 | |
ipswitch | imail | 8.0.3 | |
ipswitch | imail | 8.0.5 | |
ipswitch | imail | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DB3992E3-D0C8-4A48-B4E1-D31B0D79CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "65248233-61A3-4085-8808-6FC2FD87EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B37214DE-41E8-4DD4-AFBF-E608B88D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "58084475-62DE-482E-B34B-A09EBC190C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "838CCBFF-1CD5-4B9F-8EA3-97A097F7E69F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A50719E9-10F0-4FA4-9ADF-771D8995BCBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A965D10-F783-423B-BD70-AB11725D0172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1E2D897-B37B-43E1-96D9-9BF7A5AFC842", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4098FA6A-356C-4AA5-B948-AAD642354F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A7920844-DD87-47EF-B3CF-DA2DE04FC7F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "606E35DC-DF69-4A95-9116-111D3AF28EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C108EAB-1EDC-458C-A7F8-0B3599E66466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3138FF2C-2D8A-4270-9A55-85FCA3622DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F768F-1974-4612-BED3-A608CFCC019F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"785BD23E-DE6D-4ABA-AFDD-2FEA03E6DA73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component." } ], "id": "CVE-2004-2422", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12453" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011146" }, { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/9552" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/9554" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11106" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17219" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12453" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.ipswitch.com/kb/IM-20040902-DM01.htm#FIXES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/9552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/9554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17222" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.04 and earlier stores a user\u0027s session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker\u0027s control." } ], "id": "CVE-2001-1286", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/261096" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3432" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/261096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3432" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain." 
}, { "lang": "es", "value": "Ipswitch IMail 7.0.4 y versiones anteriores permiten a atacantes con privilegios de administrador, leer y modificar los alias de los usuarios y la informaci\u00f3n de las listas de correo de otros dominios albergados en el mismo servidor mediante:(1) aliasadmin o(2) programas CGI listadm1, los cuales no verifica adecuadamente que un administrador realmente lo es en ese dominio." } ], "id": "CVE-2001-1211", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" }, { "source": "cve@mitre.org", "url": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7752.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/247786" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.iss.net/security_center/static/7752.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/247786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3766" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/9116.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/4780 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9116.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4780 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 5.0 | |
ipswitch | imail | 5.0.5 | |
ipswitch | imail | 5.0.6 | |
ipswitch | imail | 5.0.7 | |
ipswitch | imail | 5.0.8 | |
ipswitch | imail | 6.0 | |
ipswitch | imail | 6.0.1 | |
ipswitch | imail | 6.0.2 | |
ipswitch | imail | 6.0.3 | |
ipswitch | imail | 6.0.4 | |
ipswitch | imail | 6.0.5 | |
ipswitch | imail | 6.0.6 | |
ipswitch | imail | 6.1 | |
ipswitch | imail | 6.2 | |
ipswitch | imail | 6.3 | |
ipswitch | imail | 6.4 | |
ipswitch | imail | 7.0.1 | |
ipswitch | imail | 7.0.2 | |
ipswitch | imail | 7.0.3 | |
ipswitch | imail | 7.0.4 | |
ipswitch | imail | 7.0.5 | |
ipswitch | imail | 7.0.6 | |
ipswitch | imail | 7.0.7 | |
ipswitch | imail | 7.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DB3992E3-D0C8-4A48-B4E1-D31B0D79CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "65248233-61A3-4085-8808-6FC2FD87EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B37214DE-41E8-4DD4-AFBF-E608B88D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "58084475-62DE-482E-B34B-A09EBC190C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "838CCBFF-1CD5-4B9F-8EA3-97A097F7E69F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A50719E9-10F0-4FA4-9ADF-771D8995BCBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A965D10-F783-423B-BD70-AB11725D0172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1E2D897-B37B-43E1-96D9-9BF7A5AFC842", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4098FA6A-356C-4AA5-B948-AAD642354F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A7920844-DD87-47EF-B3CF-DA2DE04FC7F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "606E35DC-DF69-4A95-9116-111D3AF28EA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter." 
} ], "id": "CVE-2002-0777", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9116.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9116.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4780" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A965D10-F783-423B-BD70-AB11725D0172", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes." } ], "id": "CVE-2001-0039", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-02-16T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2083" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://www.securityfocus.com/bid/2083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 8.13 | |
ipswitch | imail_server | * | |
ipswitch | ipswitch_collaboration_suite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*", "matchCriteriaId": "443C3EE1-1C98-40F6-93DD-F60BD0C46C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8FF3313-6C45-44C5-B093-E865AB16BAB9", "versionEndIncluding": "8.2_hotfix_2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C28E243-026F-4252-9D80-4D69C50467D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name." } ], "id": "CVE-2005-1256", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-25T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014047" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" 
}, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13727" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "matchCriteriaId": "671A8A4B-B15F-4F80-B550-6031FD5F2A52", "versionEndIncluding": "5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password." } ], "id": "CVE-1999-1557", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users." } ], "id": "CVE-2001-1284", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3428" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "0A81DF07-7B75-4590-861C-F0FBC81E86AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash." } ], "id": "CVE-2000-0825", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-11-14T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/2011" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/2011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | * | |
ipswitch | imail | * | |
ipswitch | imail | 5.0 | |
ipswitch | imail | 5.0.5 | |
ipswitch | imail | 5.0.6 | |
ipswitch | imail | 5.0.7 | |
ipswitch | imail | 5.0.8 | |
ipswitch | imail | 6.00 | |
ipswitch | imail | 6.0 | |
ipswitch | imail | 6.0.1 | |
ipswitch | imail | 6.0.2 | |
ipswitch | imail | 6.0.3 | |
ipswitch | imail | 6.0.4 | |
ipswitch | imail | 6.0.5 | |
ipswitch | imail | 6.0.6 | |
ipswitch | imail | 6.1 | |
ipswitch | imail | 6.2 | |
ipswitch | imail | 6.3 | |
ipswitch | imail | 6.4 | |
ipswitch | imail | 6.06 | |
ipswitch | imail | 7.0.1 | |
ipswitch | imail | 7.0.2 | |
ipswitch | imail | 7.0.3 | |
ipswitch | imail | 7.0.4 | |
ipswitch | imail | 7.0.5 | |
ipswitch | imail | 7.0.6 | |
ipswitch | imail | 7.0.7 | |
ipswitch | imail | 7.1 | |
ipswitch | imail | 7.12 | |
ipswitch | imail | 8.0.3 | |
ipswitch | imail | 8.0.5 | |
ipswitch | imail | 8.1 | |
ipswitch | imail | 8.01 | |
ipswitch | imail | 8.11 | |
ipswitch | imail | 8.12 | |
ipswitch | imail | 8.13 | |
ipswitch | imail | 8.22 | |
ipswitch | imail | 10 | |
ipswitch | imail | 10.01 | |
ipswitch | imail | 10.02 | |
ipswitch | imail | 11 | |
ipswitch | imail | 11.01 | |
ipswitch | imail | 11.02 | |
ipswitch | imail | 2006 | |
ipswitch | imail | 2006.1 | |
ipswitch | imail | 2006.2 | |
ipswitch | imail | server_8.2_hotfix_2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "matchCriteriaId": "60AE67A3-2B6C-4875-8832-D90BA925C5F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "matchCriteriaId": "520F39EA-860F-407A-9BCE-ABD565B57FE8", "versionEndIncluding": "11.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DB3992E3-D0C8-4A48-B4E1-D31B0D79CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "65248233-61A3-4085-8808-6FC2FD87EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B37214DE-41E8-4DD4-AFBF-E608B88D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "0A81DF07-7B75-4590-861C-F0FBC81E86AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "58084475-62DE-482E-B34B-A09EBC190C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "838CCBFF-1CD5-4B9F-8EA3-97A097F7E69F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A50719E9-10F0-4FA4-9ADF-771D8995BCBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A965D10-F783-423B-BD70-AB11725D0172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "547B2777-4C96-4C1B-8625-AABC287EFB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1E2D897-B37B-43E1-96D9-9BF7A5AFC842", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4098FA6A-356C-4AA5-B948-AAD642354F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A7920844-DD87-47EF-B3CF-DA2DE04FC7F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "606E35DC-DF69-4A95-9116-111D3AF28EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C108EAB-1EDC-458C-A7F8-0B3599E66466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3138FF2C-2D8A-4270-9A55-85FCA3622DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A1F768F-1974-4612-BED3-A608CFCC019F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "785BD23E-DE6D-4ABA-AFDD-2FEA03E6DA73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.01:*:*:*:*:*:*:*", "matchCriteriaId": "2DD7A8A7-26C3-4D45-BD9C-7AAF1DC19677", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.11:*:*:*:*:*:*:*", "matchCriteriaId": "7CA687C5-0C95-4EE5-ABE8-856A90AD7197", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*", "matchCriteriaId": "2802265F-2CFD-4AB4-84BF-EAD5E0CA5366", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*", "matchCriteriaId": "443C3EE1-1C98-40F6-93DD-F60BD0C46C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.22:*:*:*:*:*:*:*", "matchCriteriaId": "6050F2A0-EF11-4220-8347-53F168106442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:10:*:*:*:*:*:*:*", "matchCriteriaId": "E9C6C863-5810-406B-82A8-487C9479B166", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:10.01:*:*:*:*:*:*:*", "matchCriteriaId": "956A70D0-74D3-4369-8D79-DC2EE639D741", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:10.02:*:*:*:*:*:*:*", "matchCriteriaId": "2547A872-0A78-4758-893B-7A39FE81CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:11:*:*:*:*:*:*:*", "matchCriteriaId": "587EE83C-5CEF-4F00-BD7B-6D7E2043E110", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:11.01:*:*:*:*:*:*:*", 
"matchCriteriaId": "8F3A18DC-AC16-4640-B4D5-6D000E00FE06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:11.02:*:*:*:*:*:*:*", "matchCriteriaId": "335520C7-C0AC-4D89-B3D4-9827772212CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*", "matchCriteriaId": "81B286D0-4168-41FF-AC1F-4E65C3AD7DC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:2006.1:*:*:*:*:*:*:*", "matchCriteriaId": "A64E19D5-12B3-4DE9-B282-9BA2F36294D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:2006.2:*:*:*:*:*:*:*", "matchCriteriaId": "F61C3F0D-D442-4EC9-AC6C-89305AAE61A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:server_8.2_hotfix_2:*:*:*:*:*:*:*", "matchCriteriaId": "AE282FD7-D9D8-424C-AD7D-42E6C8C7760B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." }, { "lang": "es", "value": "La implementaci\u00f3n del servidor Ipswitch IMail v11.03 no restringe el b\u00fafer I/O de forma adecuada, lo que permite a los atacantes \"man-in-the-middle insertar comandos en las sesiones SMTP cifrado mediante el env\u00edo de un comando de texto plano que se procesa despu\u00e9s de que TLS est\u00e1 en su lugar, relacionado con un ataque \"inyecci\u00f3n de de comando en texto claro\", un problema similar a CVE -2011- 0411." 
} ], "id": "CVE-2011-1430", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-03-16T22:55:04.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43676" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/555316" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-8DBRD4" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/71020" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46767" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0609" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/555316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-8DBRD4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/71020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/46767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter." } ], "id": "CVE-2001-1285", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3432" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*", "matchCriteriaId": "443C3EE1-1C98-40F6-93DD-F60BD0C46C2F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command." } ], "id": "CVE-2004-1520", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13200" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11675" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11675" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/39329 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/880 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/39329 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/880 | Exploit, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DB3992E3-D0C8-4A48-B4E1-D31B0D79CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "65248233-61A3-4085-8808-6FC2FD87EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B37214DE-41E8-4DD4-AFBF-E608B88D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts." 
} ], "id": "CVE-1999-1497", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-21T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/39329" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/39329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/880" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1BC8BC2-D87C-49D8-AB9F-E6E23D87FBE6", "versionEndIncluding": "6.06", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header." } ], "id": "CVE-2001-0494", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-06-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" }, { "source": "cve@mitre.org", "url": "http://ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5610" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ipswitch.com/Support/IMail/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5610" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ipswitch | imail | 5.0 | |
progress | ws_ftp_server | 1.0.1.e | |
progress | ws_ftp_server | 1.0.2.e |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEFE5A5-6589-4316-9C9F-2F8109696158", "vulnerable": true }, { "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*", "matchCriteriaId": "D9BE1954-74C5-4A91-9C9A-C0647F281017", "vulnerable": true }, { "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*", "matchCriteriaId": "3DE6789D-5DA5-489F-A900-F4788286ACE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920." } ], "id": "CVE-1999-1171", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-02-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=91816507920544\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/218" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" 
} ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B1E2D897-B37B-43E1-96D9-9BF7A5AFC842", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4098FA6A-356C-4AA5-B948-AAD642354F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A7920844-DD87-47EF-B3CF-DA2DE04FC7F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "606E35DC-DF69-4A95-9116-111D3AF28EA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request 
without a Content-Length field." } ], "id": "CVE-2002-1077", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9722.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9722.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5365" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form." } ], "id": "CVE-2001-1281", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-10-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "source": "cve@mitre.org", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipswitch.com/Support/IMail/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3429" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E11FF5E-9B3D-4818-B091-1286ECF47937", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EADF489-0420-4C47-9F73-78114C2042F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi." } ], "id": "CVE-2000-0056", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-01-05T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/914" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "matchCriteriaId": "102276D0-EFFC-4D45-B406-B3AF7C22F675", "versionEndIncluding": "server_8.2_hotfix_2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*", "matchCriteriaId": "2802265F-2CFD-4AB4-84BF-EAD5E0CA5366", "vulnerable": true }, { "criteria": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*", "matchCriteriaId": "443C3EE1-1C98-40F6-93DD-F60BD0C46C2F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument." } ], "id": "CVE-2005-1254", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-25T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014047" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/13727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13727" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*", "matchCriteriaId": "81B286D0-4168-41FF-AC1F-4E65C3AD7DC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IMail POP3 daemon uses weak encryption, which allows local users to read files." } ], "id": "CVE-2000-0019", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-03-04T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0019" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }