Multiple MailEnable vulnerabilities updated since 20.03.2006
Published:		21.03.2006
Source:		BUGTRAQ
SecurityVulns ID:		5914
Type:		remote
Level:		5/10
Description:		POP3 authentication vulnerability, crossite scripting, information leak.

Affected:		MAILENABLE : MailEnable Standard 1.93
		MAILENABLE : MailEnable Professional 1.73
		MAILENABLE : MailEnable Enterprise 1.21
CVE:		CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.)
		CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.)
		CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.)

Original document		noreply_(at)_musecurity.com, [Full-disclosure] [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow (21.03.2006)
		SECUNIA, [SA19288] MailEnable Webmail and Unspecified POP Vulnerabilities (20.03.2006)

Discuss:

Read or add your comments to this news (0 comments)