what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-127
Posted Jul 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication might be required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When a message subject contains a "?Q?" operator the string following that sequence is copied to a local stack buffer. No validation of the data or data length is done. In order to reach this code path a mailing list must be password protected (authentication required) or have previously had a password configured (no authentication required). A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, local
MD5 | ee9eae402ef5c43b7deb5f45af40fc1a
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
US Charges Five Hackers Part Of Chinese State-Sponsored Group APT41
Posted Sep 16, 2020

tags | headline, hacker, government, usa, china, data loss, cyberwar
Dunkin Donuts Glazes Over Customer Data Loss In Lawsuit
Posted Sep 16, 2020

tags | headline, hacker, privacy, data loss
Accidental Airbnb Account Takeover Linked To Recycled Phone Numbers
Posted Sep 16, 2020

tags | headline, hacker, phone, password
Bluetooth Spoofing Bug Affects Billions Of IoT Devices
Posted Sep 16, 2020

tags | headline, wireless, flaw
Magecart Attack Impacts More Than 10k Online Shoppers
Posted Sep 15, 2020

tags | headline, hacker, malware, bank, cybercrime, fraud
MITRE Releases Emulation Plan For FIN6 Hacking Group
Posted Sep 15, 2020

tags | headline, hacker, government, usa, fraud
MFA Bypass Bugs Opened Microsoft 365 To Attack
Posted Sep 15, 2020

tags | headline, microsoft, flaw, password
European Police Malware Could Harvest GPS, Messages, Passwords, More
Posted Sep 15, 2020

tags | headline, government, privacy, malware, phone, spyware
Department Of Veterans Affairs Breach Impacts 46,000 Veterans
Posted Sep 15, 2020

tags | headline, hacker, government, privacy, usa, data loss, military
Coronavirus: FM Learned Of Data Breach 11 Days After Health Minister
Posted Sep 15, 2020

tags | headline, government, privacy, virus, britain, data loss
View More News →
packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close