Computer Security
[EN] securityvulns.ru no-pyccku


Multiple MailEnable vulnerabilities
updated since 20.03.2006
Published:21.03.2006
Source:
SecurityVulns ID:5914
Type:remote
Threat Level:
5/10
Description:POP3 authentication vulnerability, crossite scripting, information leak.
Affected:MAILENABLE : MailEnable Standard 1.93
 MAILENABLE : MailEnable Professional 1.73
 MAILENABLE : MailEnable Enterprise 1.21
CVE:CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.)
 CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.)
 CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.)
Original documentdocumentnoreply_(at)_musecurity.com, [Full-disclosure] [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow (21.03.2006)
 documentSECUNIA, [SA19288] MailEnable Webmail and Unspecified POP Vulnerabilities (20.03.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod