The Raw Message Handler (FORM2RAW.exe) CGI, accessible by default from the WebClient interface, lets unauthenticated users inject mails in the Raw messages queue that can trigger a stack overflow in MDaemon.exe
A successful exploit of a reported security vulnerability could allow an attacker to remotely execute arbitrary code on the ePolicy Orchestrator server. The attack would require network access to the ePolicy Orchestrator server system and reverse engineering of the proprietary communications protocol.
MailEnable is prone to a remotely exploitable buffer overflow vulnerability. This issue occurs in the server's HTTP Header Field Definitions. This condition may be leveraged to overwrite sensitive program control variables, allowing a remote attacker to control execution flow of the server process.
Exploits a stack buffer overflow in the Lotus Domino IMAP Server after authentication. This exploit creates a subscription to a mailbox with a long name in the IMAP server, and then sends a LSUB command that triggers the overflow. After trying to deploy an agent, the module tries to unsubscribe from the mailbox. If the module is unable to unsubscribe it will try again the next time the module is run against the same target. The IMAP server may crash. In that case the user will still be subscribed to the mailbox and the server will crash again when the user sends a LSUB command. The module has an option called ACTION to unsubscribe from the mailbox and stop this behavior.
Subscribe to Exploits