exploit the possibilities
Showing 101 - 125 of 415 RSS Feed

IMAP Files

Red Hat Security Advisory 2011-1187-01
Posted Aug 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1187-01 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.

tags | advisory, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2011-1929
MD5 | fca58a614fdbcdab6cdde942fa4607ca
Stunnel SSL Wrapper 4.42b2
Posted Jul 27, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: This release fixes a Windows service crash of stunnel 4.40.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | db793abd65e04ef2b5c104b30e546e8f
Stunnel SSL Wrapper 4.40
Posted Jul 24, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: A Win32 GUI menu was added to save cached peer certificate chains. The Win32 "-exit" commandline option was added to stop stunnel when it is not running as a service. File version information was added to stunnel.exe. 2048-bit DH hardcoded parameters are used as a fallback if DH parameters are not provided in stunnel.pem. The default "ciphers" value was updated to prefer ECDH. The default ECDH curve was updated to "prime256v1". Support for temporary RSA keys (used in obsolete export ciphers) was removed.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 7606592f86610d3e0b1ab7c8cb2d3ec8
Hydra Network Logon Cracker 6.5
Posted Jul 17, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added dpl4hydra script by Roland Kessler, Greatly improved HTTP form module, Added interface support for IPv6, Added -W waittime between connects option, and more.
tags | web, imap
systems | cisco, unix
MD5 | 69a5afbbcbe3b1fdd31f9bf616480336
Stunnel SSL Wrapper 4.39
Posted Jul 7, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: A new Windows installer module was added to build a self-signed stunnel.pem. Configuration file editing and log file reopening were added to the Windows GUI. Configuration file reloading with the Windows GUI was improved.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 853739119a8364daea750154af6d7e79
Stunnel SSL Wrapper 4.38
Posted Jun 29, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Server Name Indication (SNI) TLS extension support was implemented for name-based virtual servers. Stunnel can now switch service section on the fly, based on the destination host name included in the Client Hello message. Numerous fixes were also added for bugs introduced in previous, experimental versions.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | de5c0478303da746f946d9c112fa7f4b
Debian Security Advisory 2258-1
Posted Jun 13, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2258-1 - It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Please note that the advisory number listed in this advisory incorrectly calls it 2257-1, but it is 2258-1.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-1926
MD5 | 53b5da26869a890a20776041e9d3f065
Red Hat Security Advisory 2011-0859
Posted Jun 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0859 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. Various other issues were also addressed.

tags | advisory, imap, protocol
systems | linux, redhat
advisories | CVE-2011-1926
MD5 | 282a2dc5e3eb4630e709b008961d9b6b
Xplico Network Forensic Analysis Tool 0.6.3
Posted Jun 7, 2011
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: New decoding manager. WebMail scripts improved. HTTP dissector improved. Various other updates.
tags | tool, imap, forensics
systems | linux
MD5 | 91067785cc0803c85be327779fba4e38
Zero Day Initiative Advisory 11-171
Posted Jun 4, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.

tags | advisory, remote, arbitrary, tcp, imap, code execution
MD5 | f771aa947d620a5ea4c05a84dce94675
Debian Security Advisory 2242-1
Posted May 26, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-1926
MD5 | d20e8cec88afe776aee621e23ae7d78f
Mandriva Linux Security Advisory 2011-100
Posted May 25, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-100 - The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411.

tags | advisory, imap
systems | linux, mandriva
advisories | CVE-2011-1926
MD5 | 1840529d0f345fdcab76b0cbc09137de
Stunnel SSL Wrapper 4.36
Posted May 4, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Win32 OpenSSL DLLs were updated to version 1.0.0d. Dynamic memory was introduced for management of string manipulation in order to prevent a static STRLEN limit and to lower stack footprint. Strict public key comparison was added for "verify = 3" certificate checking mode. Backlog parameter of listen(2) was changed from 5 to SOMAXCONN to improve behavior on heavy load. A number of bugs were fixed, including a memory leak and some Mac OS X compatibility fixes.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 600a09b03798424842b24548ca1e4235
Secunia Security Advisory 44414
Posted May 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cyrus IMAP Server, which can be exploited by malicious people to manipulate certain data.

tags | advisory, imap
MD5 | e73252509dd71f5e11935720af622573
Xplico Network Forensic Analysis Tool 0.6.2
Posted May 3, 2011
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: l7-patterns for all flows/protocols not decoded by Xplico. Xplico Interface (XI) improved. Python3 porting of many script. Various other bug fixes.
tags | tool, imap, forensics
systems | linux
MD5 | 53da4adde62ceaef117dbd2057a39d55
Hydra Network Logon Cracker 6.3
Posted Apr 30, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple patches added. New Oracle and SMTP user enum modules. Multiple bug fixes.
tags | web, imap
systems | cisco, unix
MD5 | d160b92e0c498b9dd6d474e58c79a83a
Hydra Network Logon Cracker 6.2
Posted Apr 7, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Password bruteforcing mode, new XMPP and IRC modules, and more.
tags | web, imap
systems | cisco, unix
MD5 | 3249cc9e30c2037c5d4dee557cb77ea5
Zero Day Initiative Advisory 11-058
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imapd process responsible for handling remote IMAP requests. The process does not properly validate IMAP commands and arguments. Supplying an overly long command followed by an invalid argument can cause an exploitable overflow to occur. This vulnerability can be leveraged to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, imap
MD5 | f6edb4fc4e8d6f30d9484b8c47b81bb0
Stunnel SSL Wrapper 4.35
Posted Feb 7, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: OpenSSL DLLs were updated to version 1.0.0c. Transparent source (non-local bind) support was added for FreeBSD 8.x. Transparent destination ("transparent = destination") support was added for Linux. A number of bugfixes were also implemented.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 2c8e153caee9d954fb7d00980968b50d
Zero Day Initiative Advisory 11-045
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-045 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the POP3 and IMAP services while processing malformed e-mails. The vulnerable code expands specific non-printable characters within a "mail from" command without allocating adequate space. By providing enough of these characters, memory can be corrupted leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, imap, code execution
MD5 | 039ce222adfeb51a9d5723e6217db345
Hydra Network Logon Cracker 6.1
Posted Feb 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: More license updates, a fix for the configure script, checks added for libssh 0.4 and sshv1 support, merged all the latest crypto code in sasl files, and fixed SVN compilation issue on openSUSE.
tags | tool, web, imap
systems | cisco, unix
MD5 | 729360bed47fc98cb30234c5ede79c1c
Hydra Network Logon Cracker 6.0
Posted Jan 26, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added GPL exception clause to license to allow linking to OpenSSL, IPv6 support finally added, Bugfix for SIP module, Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules. Various other fixes, additions and improvements.
tags | web, imap
systems | cisco, unix
MD5 | 6ea0006543ca358093319df591e46bab
Hydra Network Logon Cracker 5.9
Posted Dec 28, 2010
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Update for the subversion module for newer SNV versions. Mysql module now has two implementations and uses a library when found. Better FTP 530 error code detection and more.
tags | web, imap
systems | cisco, unix
MD5 | 7513f47b81517b80f055b996d96f2eac
Xplico Network Forensic Analysis Tool 0.6.1
Posted Dec 6, 2010
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: Paltalk dissector, MSN basic dissector, various bug fixes.
tags | tool, imap, forensics
systems | linux
MD5 | 6c1f4c3fa2e39a12a6f31996b6206233
Mandriva Linux Security Advisory 2010-239
Posted Nov 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-239 - A possible double free flaw was found in the imap extension for php. A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could case a segmentation fault.

tags | advisory, php, imap
systems | linux, mandriva
advisories | CVE-2010-4150
MD5 | e107d1663af92df77c7e6d959268838d
Page 5 of 17
Back34567Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close