The vulnerability is caused due to a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server.
An internal memory buffer may be overrun while handling long MKD commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process.
An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process.
The vulnerability is caused due to a boundary error in the handling of HTTP "GET" requests. This can be exploited to cause a buffer overflow by sending a specially crafted overly long request with a pathname larger than 1787 bytes.
The vulnerability is caused due to a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System.
The vulnerability is caused due to a boundary error within Mercury/32 IMAPD Server Module (mercuryi.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
Authentication is not required to exploit this vulnerability.
The vulnerability is caused due to a boundary error within Mercury/32 IMAPD Server Module (mercuryi.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
Authentication is not required to exploit this vulnerability.
This module exploits a buffer overflow vulnerability during the processing of requested resources to cause a stack-based buffer overflow by requesting a resource with an overly long name.
This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field.
This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System.
The vulnerability is caused due to a boundary error within Mercury/32 PH Server Module (mercuryh.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
Authentication is not required to exploit this vulnerability.
The vulnerability is caused due to a boundary error within Mercury/32 PH Server Module (mercuryh.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
Authentication is not required to exploit this vulnerability.
The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field.