exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-127
Posted Jul 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication might be required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When a message subject contains a "?Q?" operator the string following that sequence is copied to a local stack buffer. No validation of the data or data length is done. In order to reach this code path a mailing list must be password protected (authentication required) or have previously had a password configured (no authentication required). A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, local
MD5 | ee9eae402ef5c43b7deb5f45af40fc1a
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
This App Will Tell You If Your iPhone Gets Hacked
Posted Nov 14, 2019

tags | headline, hacker, phone, apple, backdoor
Iranian Hacking Group Built Its Own VPN Network
Posted Nov 14, 2019

tags | headline, hacker, cyberwar, iran, cryptography
Malware Attacks On Hospitals Are Rising Fast
Posted Nov 13, 2019

tags | headline, malware, cybercrime, fraud
Russian Charged With Running $20 Million Card Fraud Scheme
Posted Nov 13, 2019

tags | headline, bank, usa, russia, cybercrime, fraud
US Violated Constitution By Searching Phones For No Good Reason
Posted Nov 13, 2019

tags | headline, government, privacy, usa, phone, data loss
System Bug Gives Facebook Access To iPhone Cameras
Posted Nov 13, 2019

tags | headline, privacy, phone, flaw, apple, facebook, social
Phishing Emails Spoof WebEx Invites, Abuse Open Redirect
Posted Nov 12, 2019

tags | headline, fraud, flaw, cisco, phish
Microsoft To Employ California's Digital Privacy Law Nationwide
Posted Nov 12, 2019

tags | headline, privacy, microsoft, usa
Labour Party Confirms Cyber Attack Was DDoS
Posted Nov 12, 2019

tags | headline, government, britain, denial of service
Google Accesses Trove Of Patient Data In Project Nightingale
Posted Nov 12, 2019

tags | headline, privacy, google, spyware
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close