Netmail
by Novell
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5478 | 0.10 | — | 0.84 | Oct 24, 2006 | Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL… | |||
| CVE-2006-6424 | 0.08 | — | 0.58 | Dec 27, 2006 | Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to… | |||
| CVE-2006-6425 | 0.08 | — | 0.58 | Dec 27, 2006 | Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. | |||
| CVE-2005-3314 | 0.08 | — | 0.66 | Nov 18, 2005 | Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments." | |||
| CVE-2006-6761 | 0.07 | — | 0.54 | Dec 27, 2006 | Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | |||
| CVE-2005-1758 | 0.04 | — | 0.16 | Jun 8, 2005 | Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||
| CVE-2005-2176 | 0.03 | — | 0.04 | Jul 9, 2005 | Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||
| CVE-2007-1350 | 0.02 | — | 0.19 | Mar 8, 2007 | Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. | |||
| CVE-2007-6302 | 0.00 | — | 0.06 | Dec 10, 2007 | Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." | |||
| CVE-2007-2616 | 0.00 | — | 0.06 | May 11, 2007 | Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. | |||
| CVE-2006-6762 | 0.00 | — | 0.02 | Dec 27, 2006 | The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | |||
| CVE-2005-1976 | 0.00 | — | 0.00 | Dec 31, 2005 | Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files. | |||
| CVE-2005-2469 | 0.00 | — | 0.01 | Oct 20, 2005 | Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. | |||
| CVE-2005-1756 | 0.00 | — | 0.02 | Jun 8, 2005 | Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | |||
| CVE-2005-1757 | 0.00 | — | 0.03 | Jun 8, 2005 | Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||
| CVE-2004-2298 | 0.00 | — | 0.02 | Dec 31, 2004 | Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP… | |||
| CVE-2002-0996 | 0.00 | — | 0.04 | Oct 4, 2002 | Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb. | |||
| CVE-2002-0997 | 0.00 | — | 0.02 | Oct 4, 2002 | Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. |
- CVE-2006-5478Oct 24, 2006risk 0.10cvss —epss 0.84
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL…
- CVE-2006-6424Dec 27, 2006risk 0.08cvss —epss 0.58
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to…
- CVE-2006-6425Dec 27, 2006risk 0.08cvss —epss 0.58
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
- CVE-2005-3314Nov 18, 2005risk 0.08cvss —epss 0.66
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
- CVE-2006-6761Dec 27, 2006risk 0.07cvss —epss 0.54
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
- CVE-2005-1758Jun 8, 2005risk 0.04cvss —epss 0.16
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.
- CVE-2005-2176Jul 9, 2005risk 0.03cvss —epss 0.04
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
- CVE-2007-1350Mar 8, 2007risk 0.02cvss —epss 0.19
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
- CVE-2007-6302Dec 10, 2007risk 0.00cvss —epss 0.06
Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."
- CVE-2007-2616May 11, 2007risk 0.00cvss —epss 0.06
Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.
- CVE-2006-6762Dec 27, 2006risk 0.00cvss —epss 0.02
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
- CVE-2005-1976Dec 31, 2005risk 0.00cvss —epss 0.00
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.
- CVE-2005-2469Oct 20, 2005risk 0.00cvss —epss 0.01
Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command.
- CVE-2005-1756Jun 8, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields.
- CVE-2005-1757Jun 8, 2005risk 0.00cvss —epss 0.03
Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code.
- CVE-2004-2298Dec 31, 2004risk 0.00cvss —epss 0.02
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP…
- CVE-2002-0996Oct 4, 2002risk 0.00cvss —epss 0.04
Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.
- CVE-2002-0997Oct 4, 2002risk 0.00cvss —epss 0.02
Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.