Apr 15 2008 12:00AM
BigAnt IM Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the server. Failed exploit attempts will result in a denial-of-service condition.
BigAnt IM Server 2.2 is vulnerable; other versions may also be affected.
Apr 10 2008 12:00AM
WinWebMail is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Remote attackers can exploit this issue to crash the server and deny service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
WinWebMail 3.7.3.2 is vulnerable; other versions may also be affected.
Apr 04 2008 12:00AM
SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it will crash.
Remote attackers can exploit this issue to deny service to legitimate users.
SmarterMail 5.0 is vulnerable; other versions may also be affected.
NetWin Surgemail 0DAY (IMAP POST AUTH) Remote LIST Universal Exploit
Affected Versions : Version 3.8k4-4 Windows Platform
Tested on OS : Windows 2000 SP4 English, Windows XP Sp2 English,Windows 2003 Standard Edition Italian
Discovery Date : 03/13/2008
Bug discovered and coded by Matteo Memelli aka ryujin
Affected Versions : MDaemon IMAP server v9.6.4
Tested on OS : Windows 2000 SP4 English, Windows XP Sp2 English, Windows 2003 Standard Edition Italian
Bug discovered and coded by Matteo Memelli aka ryujin
Affected Versions : Standard Edition all versions
Professional Edition all versions
Enterprise Edition all versions
Tested on OS : Windows 2000 SP4 English
Windows 2003 Standard Edition Italian
Windows XP SP2 English
Discovery Date : 02/24/2008
Initial vendor notification : 03/06/2008
Coordinated public disclosure: 03/11/2008
Back from Patagonia!!! I could not resist to my penguins friends!!!
Microsoft DirectX SAMI File Parsing Stack Buffer Exploit released.
http://www.milw0rm.com/exploits/4866
"g00gle CrewBots" wants to show how it would be possible to set up covert channels through g00gle services over the http protocol. Moreover, the paper, tries to find out how malicious users could upload sensitive information to an unauthorized and remote server, though you deny to surf every website but the g00gle one (and some other business related websites) and you forbid users from ssl-izing their datastream.
