Youngzsoft CMailServer < 5.2.1 Multiple Remote Vulnerabilities

critical Nessus Plugin ID 15828

Synopsis

The remote mail server has multiple vulnerabilities.

Description

The remote host is running YoungZSoft CMailServer, a mail server for Microsoft Windows.

The version of CMailServer running on the remote machine has multiple vulnerabilities, including buffer overflow, SQL injection, and HTML injection. These vulnerabilities could allow a remote attacker to execute arbitrary code.

Solution

Upgrade to CMailServer 5.2.1 or later.

See Also

https://seclists.org/bugtraq/2004/Nov/335

Plugin Details

Severity: Critical

ID: 15828

File Name: cmail_multiple.nasl

Version: 1.17

Type: remote

Published: 11/24/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/24/2004

Reference Information

CVE: CVE-2004-1128, CVE-2004-1129, CVE-2004-1130

BID: 11742

Secunia: 13298