David Harris
Products
7- 9 CVEs
- 4 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
19| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9046 | Hig | 0.47 | 7.3 | 0.01 | May 21, 2017 | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote… | ||
| CVE-2004-1211 | 0.09 | — | 0.72 | Jan 10, 2005 | Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6)… | |||
| CVE-2007-4440 | 0.08 | — | 0.65 | Aug 21, 2007 | Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. | |||
| CVE-2007-1373 | 0.08 | — | 0.59 | Mar 10, 2007 | Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. | |||
| CVE-2005-4411 | 0.08 | — | 0.65 | Dec 20, 2005 | Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. | |||
| CVE-2004-2513 | 0.04 | — | 0.10 | Dec 31, 2004 | Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | |||
| CVE-2000-0930 | 0.04 | — | 0.08 | Dec 19, 2000 | Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | |||
| CVE-2009-3838 | 0.03 | — | 0.06 | Nov 2, 2009 | Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message. | |||
| CVE-2007-5018 | 0.03 | — | 0.04 | Sep 20, 2007 | Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211. | |||
| CVE-2007-2814 | 0.03 | — | 0.05 | May 22, 2007 | Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage,… | |||
| CVE-2006-5961 | 0.03 | — | 0.02 | Nov 17, 2006 | Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original… | |||
| CVE-2002-1075 | 0.03 | — | 0.06 | Oct 4, 2002 | Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers. | |||
| CVE-2001-0442 | 0.03 | — | 0.05 | Jun 27, 2001 | Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. | |||
| CVE-2020-10990 | 0.00 | — | 0.01 | Mar 26, 2020 | An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | |||
| CVE-2005-4444 | 0.00 | — | 0.03 | Dec 21, 2005 | Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | |||
| CVE-2005-4445 | 0.00 | — | 0.03 | Dec 21, 2005 | Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | |||
| CVE-2000-0931 | 0.00 | — | 0.02 | Dec 19, 2000 | Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data. | |||
| CVE-1999-1366 | 0.00 | — | 0.00 | May 15, 1999 | Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. | |||
| CVE-1999-0098 | 0.00 | — | 0.03 | Apr 1, 1998 | Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. |
- risk 0.47cvss 7.3epss 0.01
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote…
- CVE-2004-1211Jan 10, 2005risk 0.09cvss —epss 0.72
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6)…
- CVE-2007-4440Aug 21, 2007risk 0.08cvss —epss 0.65
Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.
- CVE-2007-1373Mar 10, 2007risk 0.08cvss —epss 0.59
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
- CVE-2005-4411Dec 20, 2005risk 0.08cvss —epss 0.65
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
- CVE-2004-2513Dec 31, 2004risk 0.04cvss —epss 0.10
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
- CVE-2000-0930Dec 19, 2000risk 0.04cvss —epss 0.08
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.
- CVE-2009-3838Nov 2, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
- CVE-2007-5018Sep 20, 2007risk 0.03cvss —epss 0.04
Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
- CVE-2007-2814May 22, 2007risk 0.03cvss —epss 0.05
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage,…
- CVE-2006-5961Nov 17, 2006risk 0.03cvss —epss 0.02
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original…
- CVE-2002-1075Oct 4, 2002risk 0.03cvss —epss 0.06
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
- CVE-2001-0442Jun 27, 2001risk 0.03cvss —epss 0.05
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
- CVE-2020-10990Mar 26, 2020risk 0.00cvss —epss 0.01
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.
- CVE-2005-4444Dec 21, 2005risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply.
- CVE-2005-4445Dec 21, 2005risk 0.00cvss —epss 0.03
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
- CVE-2000-0931Dec 19, 2000risk 0.00cvss —epss 0.02
Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
- CVE-1999-1366May 15, 1999risk 0.00cvss —epss 0.00
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
- CVE-1999-0098Apr 1, 1998risk 0.00cvss —epss 0.03
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.