Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
3f591c7a631bafffaada2cfc5a79b9c4684f546ebd662c0ca097208d05d700f4Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
187d0df2701d51c09b66f120cf6f1a62c4161e3e58dc84f893c1e5c7ccf30262Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
cc544d65aa4d60a0f91e21a6930824ab0588813e3a05c5a9d8020fff47dca841Mandriva Linux Security Advisory 2009-146 - Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit.
7d4cf5f5853a965d4cb5684b8a5cd31bb2f6df434ea4e84c2a8c04a5925e5280Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
73f9b69afe3b7c5c3c1b6f076a540b4124cf95293f3938097d054a9ee9edfbcdMandriva Linux Security Advisory 2009-229 - Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
e1e2ecde41b24810e22456945dec8bd2d7abdfc74d25908b7cd1437485f3dd8dThis Metasploit module exploits a stack overflow in the Qualcomm WorldMail IMAP Server version 3.0 (build version 6.1.22.0). Using the PAYLOAD of windows/shell_bind_tcp allows or the most reliable results.
2e4d189387ba98a5cfc55e1b2069672f8e124842d9a76dd7e47cd00b025cf6adThis Metasploit module exploits a stack overflow in Ipswitch IMail Server 2006.1 IMAP SEARCH verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. In order for this module to be successful, the IMAP user must have at least one message.
0757ecb74978f93cacdc4418ef7c38cab531545bd9b32a8f39f8239a920240bfMailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.
a4eceb36c2639afe9fd1c656c7174c4475cb9596985d2e61b7f06f2ea8f79eeaMailEnable's IMAP server contains a buffer overflow vulnerability in the STATUS command. With proper credentials, this could allow for the execution of arbitrary code.
cf73368ca1456ebf0d123b52f99898904ccc211d943abcf2dbfe856cbeb1c9a1This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
ab790525ee06e4631621b8a149d2cc10a555ebb52be8f2bcf2739624fa36b789This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli
e1e88ec1c914159c02c88aa646f73a91ac2acbc316b4991a9d0f98473b227142Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discover the vulnerability.
c2b10d51d7fe81041b5773f98702a25cb43650d4819457d1ebaa769257273fc3This Metasploit module exploits a stack overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
bcc9986727d1a31fd19c6ec9efeca29335e3bac2e984bdb32e707abede16b9c6This Metasploit module exploits a stack overflow vulnerability in the Mercury/32 v.4.01a IMAP service.
b7ce17f5eebf1671ae2fcf43472ecc4b6c37e626369cda2c8082600012b410afThis Metasploit module exploits a stack overflow in Novell's Netmail 3.52 IMAP APPEND verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
c2b343f8b2b08c2acbc1a657fc530022dd5ded78e281457e1ff77f70c7f431bbThis Metasploit module exploits a stack overflow in Novell's NetMail 3.52 IMAP AUTHENTICATE GSSAPI command. By sending an overly long string, an attacker can overwrite the buffer and control program execution. Using the PAYLOAD of windows/shell_bind_tcp or windows/shell_reverse_tcp allows for the most reliable results.
fd08544af93978e7545fadf71e6021efde4fad0baf16fda963c7559da485984dThis Metasploit module exploits a stack overflow in Novell's Netmail 3.52 IMAP STATUS verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
3e62e2b4ee4a08aa484b5f8c28fdd1b562f6f398d8eef098e2954201fb7d15f1Gentoo Linux Security Advisory 200911-3 - Multiple vulnerabilities have been found in the UW IMAP toolkit and the c-client library, the worst of which leading to the execution of arbitrary code. Versions less than 2007e are affected.
ab9d7e8131f4629b6a10dc3c533fd0fa7d18b4d2ca3137755a0267d4b9021931Secunia Security Advisory - Gentoo has issued an update for uw-imap and c-client. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c4775979676fdcd4942cb6e57e14fe6f071ab2787723cee1f7cd8e0e7188bb9bStunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
9be98fb1aa5e96e44095df267d89b776aa539e6dce90dd0d54db675e9a95cd80This Metasploit module exploits a stack overflow in Novell's NetMail 3.52 IMAP SUBSCRIBE verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
4f3a51860649cb4cf74cf0fc0cb120be7c093bb1528c86e2aeecca4de2ca9ae8This Metasploit module exploits a buffer overflow in the 'LSUB' command of the University of Washington IMAP service. This vulnerability can only be exploited with a valid username and password.
ed074262b944617dd05f31cfbad7fdb4bc44dbc72e181c6afa6bc59ed9e6d14aQuiksoft EasyMail version 6.0.3.0 suffers from an IMAP related connect() stack overflow vulnerability.
66991cdd84a9ccc131edc267756ec5e66748a1a775a9804a3050875dd458e065Debian Security Advisory 1884-1 - Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
1419e6a12847d769f87454f95d9dcca030059bae87b601f27e6e4beb3aa3d9ca
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed