Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2007-5467

Published: 15/10/2007 Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Extremail

Vulnerability Summary

Integer overflow in eXtremail 2.1.1 and previous versions allows remote malicious users to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.

Vulnerable Product Search on Vulmon Subscribe to Product

extremail extremail

Exploits

Exploit DB: eXtremail 2.1.1 - 'LOGIN' Remote Stack Overflow
/* extremail-v4c * * Copyright (c) 2006 by <mu-b@digit-labsorg> * * eXtremail <=211 remote root exploit (x86-lnx) * by mu-b - Sun Oct 08 2006 * * - Tested on: eXtremail 211 (lnx) * * Overflow in LOGIN command of admin interface * * - Private Source Code -DO NOT DISTRIBUTE - * wwwdigit-labsorg/ -- Digit-Labs 2 ...
Exploit DB: eXtremail 2.1.1 - 'memmove()' Remote Denial of Service
#!/usr/bin/perl # # extremail-v3pl # # Copyright (c) 2006 by <mu-b@digit-labsorg> # # eXtremail <=211 remote root POC (x86-lnx) # by mu-b - Fri Oct 06 2006 # # Tested on: eXtremail 211 (lnx) # eXtremail 210 (lnx) # # - Private Source Code -DO NOT DISTRIBUTE - # wwwdigit-labsorg/ -- Digit-Labs 2006!@$! ####### ...
Exploit DB: eXtremail 2.1.1 - Remote Heap Overflow (PoC)
#!/usr/bin/perl # # extremail-v8pl # # Copyright (c) 2007 by <mu-b@digit-labsorg> # # eXtremail <=211 remote PoC # by mu-b - Wed Jan 31 2007 # # Tested on: eXtremail 211 (lnx) # eXtremail 210 (lnx) # # - Private Source Code -DO NOT DISTRIBUTE - # wwwdigit-labsorg/ -- Digit-Labs 2007!@$! ######## use Getopt:: ...
Exploit DB: eXtremail 2.1.1 - PLAIN Authentication Remote Stack Overflow
/* extremail-v6c * * Copyright (c) 2006 by <mu-b@digit-labsorg> * * eXtremail <=211 remote root exploit (x86-lnx) * by mu-b - Wed Oct 18 2006 * * - Tested on: eXtremail 211 (lnx) * eXtremail 210 (lnx) * * Stack overflow in ifParseAuthPlain * * - Private Source Code -DO NOT DISTRIBUTE - * wwwdigi ...

References

CWE-189http://www.securityfocus.com/archive/1/482293http://www.digit-labs.org/files/exploits/extremail-v3.plhttp://www.securityfocus.com/bid/26074http://secunia.com/advisories/27220https://www.exploit-db.com/exploits/4532https://nvd.nist.govhttps://www.exploit-db.com/exploits/4533/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook