The remote host is running the Fortinet FortiMail POP3S mail server.  Fortinet FortiMail is an email security appliance which filters email for spam and other malware.  The POP3S component of Fortinet FortiMail allows remote users to download email over an encrypted (SSL/TLS) network connection.

The remote host is running the Fortinet FortiMail POP3 mail server.  Fortinet FortiMail is an email security appliance which filters email for spam and other malware.  The POP3 component of Fortinet FortiMail allows remote users to download email in a plain text format.

The remote Windows host is running the Alt-N MDaemon mail server.  The installed version of MDaemon is earlier than 11.0.1.  Such versions are potentially affected by multiple unspecified denial of service vulnerabilities.

The remote host appears to be running Ability Mail Server < 2.70.  Such versions are potentially affected by an issue caused by an unspecified error when handling IMAP version 4 FETCH commands.  An attacker could exploit this flaw to crash the affected service.

The remote host is running Alt-N MDaemon, a mail server for Windows.  According to its banner, a version of MDaemon mail server older than 10.0.2 is installed on the remote host.  Such versions ship with a version of WorldClient (a webmail client) that is affected by a script injection vulnerability.  By tricking a user into opening a specially crafted email, an attacker can exploit this issue to execute script code in the user's browser in the security context of the affected application and thereby steal cookie based credentials or launch other attacks.

The remote host appears to be running Ability POP3 Server.  According to its banner, the installed version of Ability Mail Server is affected by two issues that could cause the application to crash.  One involves messages that are changed to a blank string, the other concerns IMAP4 commands with malformed number list ranges.  It is not currently known whether either or both issues can be exploited without authentication.

The remote host is running Delegate, a proxy server.  This version of Delegate is vulnerable to multiple remote Denial of Service (DoS) attacks.  An attacker exploiting these flaws would be able to impact the availability of the proxy server.

The remote host is running the Alt-N MDaemon mail server.  This is a mail server for the Microsoft Windows platform.  This version of MDaemon is vulnerable to a flaw where a remote attacker can cause the mail service to crash.  An attacker exploiting this flaw would only need to be able to connect to the POP3 port of the server (typically 110).  Successful exploitation would result in services being denied to valid users.

The remote host is running Ipswitch Collaboration Suite / IMail, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail installed on the remote host has several unspecified buffer overflows in various service components as well as one in an ActiveX control.  An attacker may be able to leverage these issues to crash the affected service or execute arbitrary code remotely by default with LOCAL SYSTEM privileges.

The remote host is running the Alt-N MDaemon mail server.  This is a mail server for the Microsoft Windows platform.  This version of MDaemon is vulnerable to a flaw where local attackers can overwrite critical MDaemon library files.  Successful exploitation would give the local user the ability to escalate privileges to those of the MDaemon server.  This would impact confidentiality, integrity, and availability.

A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking one some POP server commands. Namely, 'USER' and 'APOP'.  An attacker can exploit this vulnerability by submitting a very large values to these commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command.  Successful exploitation would lead to the attacker executing arbitrary code on the remote server.

The remote host is running the Atrium Software MERCUR mail server, a POP3, SMTP and IMAP server.  This version of MERCUR is vulnerable to a number of flaws in the way that it handles user-supplied commands.  Some of the commands do not require prior authentication.  An attacker exploiting these flaws would be able to cause the MERCUR server to fail.  Successful exploitation would result in the loss of availability.

The remote host is running the Apache James software, a Java-based POP3, SMTP, and NNTP server.  This version of JAMES is vulnerable to a flaw in the way that the spooler handles malformed messages.  An attacker exploiting this flaw would need to be able to send multiple malformed emails to the server.  Successful exploitation would result in the JAMES server depleting all system resources and eventually crashing.

The remote host is running a version of Magic Winmail Server that is vulnerable to multiple flaws.  These flaws include a directory traversal flaw that would allow an attacker to access confidential data, a cross-site scripting (XSS) flaw and an HTML injection flaw.

The remote XMail server is vulnerable to multiple remote and local buffer overflows.  Successful exploitation would lead to the attacker executing arbitrary code.

The remote host is running Qpopper, a POP3 mail server for Unix-type systems.  This version of Qpopper is vulnerable to a local configuration flaws.  A local attacker exploiting these flaws would be able to elevate privileges on the Qpopper system.

The remote host is running the True North eMailServer.
This version of eMailServer is vulnerable to a content-parsing flaw where a malformed IMAP request can cause the server to fail.  An attacker exploiting this flaw would be able to disable the service remotely.

The remote host is running GNU Mailutils, an open source package that includes tools for running and managing a mail server.  This version of GNU Mailutils is vulnerable to several remote buffer overflows.  An attacker exploiting these flaws will be able to execute arbitrary code

The remote host is running GNU Mailutils, an open source package that includes tools for running and managing a mail server.  This version of GNU Mailutils is vulnerable to several remote buffer overflows.  An attacker exploiting these flaws will be able to execute arbitrary code.

The remote host is running Qpopper, a POP3 mail server for Unix-type systems.
This version of Qpopper is vulnerable to multiple local configuration flaws.
A local attacker exploiting these flaws would be able to elevate privileges
on the Qpopper system.

The remote host is running the AS400 (version 4.5 or higher) POP3 server.  This version of the POP daemon is vulnerable to an information disclosure flaw.  An attacker can gain information about valid accounts, accounts with expired passwords, system accounts by querying the POP server.  This information can be useful in other attacks that require a user ID and/or password.

Delegate is reportedly vulnerable to a stack-based buffer overflow that may allow for the execution of arbitrary code. The details of this vulnerability are not known at this time.

The remote host is running Digital Mappings Systems POP3 server which is vulnerable to a remote buffer overflow.  An attacker exploiting this flaw will be able to execute code on the remote host by sending a malicious username string.

The remote host is running a POP3 service that allows a remote attacker to determine when a user account is valid.  An attacker exploiting this flaw would only need to connect to the port repeatedly while sending different user names.  The server will alert the attacker whenever a valid username is sent.  This vulnerability is known to affect Intellipeer POP3 server (versions less than or equal to 1.0.1).

The remote host is running the YahooPOPs! Proxy.  This proxy is a gateway to send and receive Yahoo mail via a proxy.  Such a configuration may bypass existing corporate policies regarding appropriate email usage.

The remote host is running a version of Magic Winmail Server that is vulnerable to a format string flaw. An attacker may exploit this vulnerability by connection to the vulnerable mail server and issuing the USER command with malicious format string specifiers. This may result in the crashing of the remote host and/or execution of arbitrary code on the remote host.

The remote XMail POP server is vulnerable to a buffer overflow when it receives two long arguments for the APOP command. This problem may allow an attacker to disable this POP server remotely or even to execute arbitrary commands with its privileges (typically, root).

The remote Xtramail Control Server is vulnerable to a buffer overflow when a user supplies a too long argument to as its username. An attacker may use this flaw to disable this service remotely or to execute arbitrary code on this host, with the privileges of the Xtramail server (typically, SYSTEM).

The remote Xtramail POP server is vulnerable to a buffer overflow when the user supplies a long password string. An attacker may use this flaw to execute arbitrary code on this host with the privileges of the Xtramail server (typically, SYSTEM).

A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking one some POP server commands. An attacker can exploit this vulnerability by submitting a very large integer value to some commands on the POP server. This will cause the MDaemon service to crash when attempting to process the command.

A security vulnerability in CMail 2.4.9 allows remote attackers to overflow one of CMail's internal buffers causing it to crash. If shellcode is provided in the overflowing buffer it may be possible to execute arbitrary code.

It has been reported that a memory corruption vulnerability exists in CMail. The POP3 server included with CMAIL does not properly handle some types of requests. By submitting a maliciously crafted request to the POP3 server, an attacker could crash the system, resulting in a denial of service.

In version 4, a buffer overflow was introduced into the qpopper source tree. This buffer overflow is related to the handling of the client-supplied username and is present when a POP3 session is being initiated. It is believed that the overflow occurs before authentication, so it may not be required that users have valid POP accounts. This vulnerability can lead to a compromise of root privileges to remote attackers.

There are buffer overflow vulnerabilities present in 3.x versions of the Qualcomm popper daemon. These vulnerabilities are remotely executable and since the daemons run as root, the host running qpopper can be completely compromised anonymously.

The remote qpopper service may be vulnerable to a denial of service (DoS) attack. If a string of longer than approximately 2048 characters is sent to the qpopper process, a denial of service condition will occur.

Delegate is reportedly vulnerable to a stack-based buffer overflow that may allow for the execution of arbitrary code. The condition exists if the argument to the 'USER' command is of excessive length.

The ZetaMail server will crash if a username/password pair longer than 3500 characters is supplied by the client.

The remote qpopper server, according to its banner, is running version 4.0.3 or version 4.0.4.  These versions are vulnerable to a buffer overflow if they are configured to allow the processing of a user's ~/.qpopper-options file. A local user can cause a buffer overflow by setting the bulldir variable to something longer than 256 characters. *** This test could not confirm the existence of the problem - it relied on the banner being returned. ***

The remote POP server allows an attacker to obtain a list of valid logins on the remote host via a brute force attack. If the user connects to this port and issues the commands : USER 'someusername' PASS 'whatever' a different response will be generated if the account 'someusername' exists or not.

There is a buffer overflow in the imap suite provided with Debian GNU/Linux 2.1 that has a vulnerability in its POP-2 daemon found in the ipopd package. This vulnerability allows an attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 account.

The remote qpopper server, according to its banner, is vulnerable to a one-byte overflow in the function Qvsnprintf(). An attacker may use this flaw to gain a (non-root) shell on this host, provided that the attacker has a valid POP account to log in with.

There is a vulnerability in some versions of qpopper which allows a remote user to become root using a buffer overflow.

The system is using qpopper 2.53 (or newer in the 2.5x series). There is a problem in this server that allows users who have a pop account to gain a shell with the gid 'mail' by sending to themselves a specially crafted mail.

The remote pop2 server allows the reading of arbitrary files for authenticated users, using the 'fold' command.

A POP server is running on this port.  The POP server is utilizing the SSL/TLS encryption protocol.

The remote host is running POP Password Changer, a server used to change POP users' passwords, that is vulnerable to unauthorized access.  An attacker exploiting this flaw will be able to change users' passwords.

The remote host is running Merak Mail Server. It is reported that versions prior to 7.5.1 are prone to multiple vulnerabilities in the Web Mail module. An attacker may use these vulnerabilities to perform cross-site scripting attacks, SQL injection and access to the PHP source code.

ID	Name	Severity
8733	Fortinet FortiMail Server Detection via POP3S	Info
8730	Fortinet FortiMail Server Detection via POP3	Info
5517	Alt-N MDaemon < 11.0.1 Multiple Remote DoS Vulnerabilities	Medium
5186	Ability Mail Server < 2.70 Remote Denial of Service	Medium
4765	MDaemon WorldClient < 10.0.2 Script Injection	Medium
4292	Ability Mail Server < 2.61 Multiple Vulnerabilities	Medium
4260	Delegate < 9.7.5 Multiple Vulnerabilities	Low
4118	ALT-N MDaemon < 9.6.1 DomainPOP Malformed Message DoS	Low
3938	Ipswitch IMail Server < 2006.2 Multiple Overflows	Medium
3815	ALT-N MDaemon < 9.0.7 / 9.54 Local Insecure Directory	Medium
3734	ALT-N MDaemon POP Server < 9.06 USER / APOP Command Overflow	Medium
3655	MERCUR < 2005 SP4 Multiple Remote DoS	High
3320	Apache James < 2.2.1 Spooler retrieve Function DoS	Medium
3300	Winmail Server <= 4.2 Multiple Vulnerabilities	Critical
3257	XMail < 1.22.0 Multiple Overflows	High
3243	Qualcomm Qpopper poppassd Local Privilege Escalation	Medium
3035	POP Banner Detection	Info
3034	True North eMailServer < 5.3.4 Build 2019 LIST Command Remote DoS (deprecated)	Medium
2939	GNU Mailutils Multiple POP Vulnerabilities	High
2938	GNU Mailutils Multiple IMAP Vulnerabilities	Medium
2935	Qualcomm Qpopper < 4.0.5 Multiple Local Privilege Escalation	High
2823	AS400 Default POP Services Information Disclosure	Medium
2740	DeleGate < 8.11.1 Multiple Remote Overflows	Critical
2413	Digital Mappings Systems POP3 Server Remote Buffer Overflow	Critical
2332	Intellipeer User Account Enumeration	Medium
2331	YahooPOPs! Proxy Detection	Medium
1802	POP Server Detection	Info
1801	XMail < 2.4 (Build 0530) APOP Remote Format String	High
1800	XMail < 0.59 APOP Overflow DoS	Critical
1799	Xtramail < 1.12 Control Server Overflow Denial of Service	High
1798	Xtramail < 1.12 POP3 Overflow	Critical
1797	ALT-N MDaemon < 6.5.0 POP Server Overflow DoS	Medium
1796	Computalynx CMail < 2.4.10 HELO Command Overflow	High
1795	Computalynx CMail POP3 Server DELE Function DoS	High
1794	Qualcomm Qpopper Username Remote Overflow	Critical
1793	Qualcomm Qpopper Remote Overflows	Critical
1792	Qualcomm Qpopper Remote Overflow DoS	Critical
1791	Delegate Multiple Function Remote Overflows	Critical
1790	ZetaMail Remote DoS	Critical
1789	qpopper Options File Buffer Overflow	Critical
1788	Netscape Messenging Server User Account Enumeration	Medium
1787	ipop2d < 4.5 FOLD Command Remote Overflow	Critical
1786	qpopper < 4.0.5fc2 Qvsnprintf Remote Overflow	Medium
1785	qpopper < 4.0 PASS Command Remote Overflow	High
1784	qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution	Medium
1783	ipop2d fold Command Arbitrary File Access	Medium
4000	POP SSL/TLS Server Detection	Info
2518	POP Password Changer Unauthorized Password Change	Medium
2156	Merak Mail Server < 7.5.1 Web Mail Module Multiple Vulnerabilities	High

POP Server Family for Nessus Network Monitor