CVE-2008-1277
published 2008-03-10
Priority P3 41, critical 9, CVSS 2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 8.25% (94.2th percentile)
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mailenable | mailenable_enterprise | <= 3.13 | — |
| mailenable | mailenable_professional | <= 3.13 | — |
No detection rules found.
Exploit-DB
Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
exploitdb·2008-06-12
CVE-2009-1277 Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
---
Gravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities
AUTHOR : CWH Underground
DATE : 12 June 2008
SITE : www.citec.us
#####################################################
APPLICATION : Gravity Board X
VERSION : 2.0 Beta
DOWNLOAD : http://downloads.sourceforge.net/gbx
#####################################################
+++ Remote Stored XSS Exploit +++
When you create new thread in forum, you can inject javascript in title fie
Exploit-DB
MailEnable 3.13 - IMAP Service Multiple Remote Vulnerabilities
exploitdb·2008-03-07
CVE-2008-1277 MailEnable 3.13 - IMAP Service Multiple Remote Vulnerabilities
---
source: https://www.securityfocus.com/bid/28145/info
MailEnable is prone to multiple remote vulnerabilities in the IMAP service, including:
- Multiple buffer-overflow vulnerabilities.
- Multiple denial-of-service vulnerabilities due to a NULL-pointer exception.
An attacker may leverage these issues to execute arbitrary code in the context of the running application or to crash the application, causing a denial of service.
These issues affect MailEnable 3.13; other versions may also be vulnerable.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31360-1.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31360-2.pl
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/maildisable-adv.txt
http://secunia.com/advisories/29277
http://securityreason.com/securityalert/3724
http://www.securityfocus.com/archive/1/489270/100/0/threaded
http://www.securityfocus.com/bid/28145
http://www.securitytracker.com/id?1019565
http://www.vupen.com/english/advisories/2008/0799/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41059
Published 2008-03-10