CVE-2008-1497
published 2008-03-25CVE-2008-1497: Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long…
PriorityP344critical9CVSS 2.0
AVNACLAuSCCICAC
EPSS
6.30%
92.7th percentile
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
| netwin | surgemail | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9g26-m4cr-3gm2: Buffer overflow in the IMAP service in NetWin Surgemail 3
ghsa_unreviewed·2022-05-17·CVSS 9.0
CVE-2008-7182 [CRITICAL] CWE-119 GHSA-9g26-m4cr-3gm2: Buffer overflow in the IMAP service in NetWin Surgemail 3
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
GHSA
GHSA-29rx-6x28-gmg7: Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via
ghsa_unreviewed·2022-05-01
CVE-2008-1497 [HIGH] CWE-119 GHSA-29rx-6x28-gmg7: Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/29105http://securityreason.com/securityalert/3774http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07http://www.netwinsite.com/surgemail/help/updates.htmhttp://www.securityfocus.com/archive/1/489959/100/0/threadedhttp://www.securityfocus.com/bid/28377https://exchange.xforce.ibmcloud.com/vulnerabilities/41402http://secunia.com/advisories/29105http://securityreason.com/securityalert/3774http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07http://www.netwinsite.com/surgemail/help/updates.htmhttp://www.securityfocus.com/archive/1/489959/100/0/threadedhttp://www.securityfocus.com/bid/28377https://exchange.xforce.ibmcloud.com/vulnerabilities/41402
2008-03-25
Published