The Microsoft Exchange Server installed on the remote host is missing security updates. A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

The remote host is running Exim, a message transfer agent.

Versions of Exim earlier than 4.92.2 are affected by a vulnerability that is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake.

The remote host is running Exim, a message transfer agent.

Versions of Exim earlier than 4.92 are affected by a flaw due to improper validation of recipient address in 'deliver_message()' function in '/src/deliver.c' that may lead to remote command execution.

The remote host is running Exim, a message transfer agent.

Versions of Exim earlier than 4.90.1 are affected by an overflow condition in an unspecified utility function that is triggered as certain input is not properly validated when parsing messages. This may allow a remote attacker to cause a buffer overflow and potentially execute arbitrary code.

The remote host is running the Fortinet FortiMail Secure SMTP mail server.  Fortinet FortiMail is an email security appliance which filters email for spam and other malware.  The SMTPS component of Fortinet FortiMail allows remote users to send email over an encrypted (SSL/TLS) network connection.

The remote host is running the Fortinet FortiMail SMTP mail server.  Fortinet FortiMail is an email security appliance which filters email for spam and other malware.  The SMTP component of Fortinet FortiMail allows remote users to send email in a plain text format.

The remote host is running Exim, a message transfer agent.  

Versions of Exim earlier than 4.76 are potentially affected by a format string vulnerability in logging DKIM information from an inbound email.  By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server subject to the privileges of the user running the affected application.

The remote host is running Exim, a message transfer agent. 

Versions of Exim earlier than 4.74 are potentially affected by a local privilege escalation vulnerability.  Attackers can exploit this flaw to append arbitrary data to files through symbolic link attacks.  Successfully exploiting this issue allows local attackers with 'exim' run-time privileges to perform certain actions with superuser privileges, leading to a complete compromise of an affected computer.  Note that this issue only affects Exim on Linux.

The remote host is running Exim, a message transfer agent.  

Versions of Exim earlier than 4.70 are potentially affected by a heap overflow vulnerability.  By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server subject to the privileges of the user running the affected application.

The remote host is running Ipswitch IMail server.

Versions of IMail earlier than 11.02 are potentially affected by multiple vulnerabilities :

  - By sending a specially crafted message to imailsrv.exe with multiple 'Reply-To' headers set, it may be possible for a remote unauthenticated attacker to execute arbitrary code on the remote system. (ZDI-10-126)

  - By sending a specially crafted message containing '?Q' operator, it may be possible for a remote authenticated attacker to execute arbitrary code on the remote system with SYSTEM privileges. (ZDI-10-127)

  - By sending a specially crafted message with an overly long '-NOTIFY' argument, it may be possible for a remote unauthenticated attacker to execute arbitrary code on the remote system. (ZDI-10-128)

Versions of Kerio Mail Server / Connect earlier than 7.0.1 are potentially affected by a file disclosure and corruption vulnerability.  An attacker, with full administrative rights, can modify the administrative console to change the product configuration to read or corrupt arbitrary files on the server.

The remote host is running Exim, a message transfer agent. 

Versions of Exim earlier than 4.72 are potentially affected by multiple vulnerabilities :

  - An error when handling hardlinks within the mail directory during the email delivery process can be exploited to perform unauthorized actions. (CVE-2010-2023)

  - When MBX locking is enabled, a race condition exists which could allow an attacker to change permissions of other non-rot users' files, leading to denial-of-service conditions or potentially privilege escalation. (CVE-2010-2024)

The remote host is a Checkpoint Firewall ESMTP server.

The installed version of Windows SMTP Service is affected by at least one vulnerability : 

  - Incorrect parsing of DNS Mail Exchanger (MX) resource records could cause the Windows Simple Mail Transfer Protocol (SMTP) component to stop responding until the service is restarted. (CVE-2010-0024)

  - Improper allocation of memory for interpreting SMTP command responses may allow an attacker to read random e-mail message fragments stored on the affected server. (CVE-2010-0025)

The remote mail server is running a version of XMail earlier than 1.27.  Such versions are potentially affected by a flaw that may allow an attacker with local access to the host to delete or corrupt arbitrary files, due to the application creating temporary files in an insecure manner.

The remote mail server is running a version of Sendmail earlier than 8.14.4.  Such versions are potentially affected by a flaw that my allow an attacker to spoof SSL certificates by using a NULL character in certain certificate fields.

The remote host appears to be running Ability Mail Server < 2.70.  Such versions are potentially affected by an issue caused by an unspecified error when handling IMAP version 4 FETCH commands.  An attacker could exploit this flaw to crash the affected service.

The remote host is running IceWarp Merak Mail Server, a webmail server for Windows and Linux.  According to its banner, the version of IceWarp installed on the remote host is older than 9.4.0.  Such versions reportedly fail to sanitize input passed to 'IMG' HTML tags in an e-mail message before displaying them.  A remote attacker could leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected application.

According to its banner, the remote host is running a version of Kerio MailServer prior to 6.6.2.  Multiple files in such versions are reportedly affected by cross-site scripting vulnerabilities.

  - The application fails to sanitize input to the 'folder' parameter of the 'mailCompose.php' script as well as the 'daytime' parameter of the 'calendarEdit.php' script before using it to generate dynamic HTML.

  - Content passed to 'sent' parameter of the 'error413.php' script is not sanitized before being returned to the user.

Successful exploitation of these issues could lead to execution of arbitrary HTML and script code in a user's browser within the security context of the affected site.

The remote host is running MailMarshal SMTP, a mail server for Windows.  The Spam Quarantine Management web component included with the version of MailMarshal SMTP installed on the remote host is affected by a persistent cross-site scripting vulnerability in its 'delegated spam management' feature.  By exploiting this issue, it may be possible for an internal user to install a malicious program on another internal user's (victim) computer, steal session cookies or launch similar attacks.  Successful exploitation would require a victim to accept an email invitation for delegated spam management from an attacker.

The remote mail server is running Postfix, an open source SMTP server.

The remote server is forwarding email in a manner consistent with many SPAM/UCE servers.

The remote host is running NetWin SurgeMail, a mail server application.  The remote version of this software is vulnerable to a remote buffer overflow in its IMAP component and exploit code was released.  Specifically, a malformed 'LIST' command can cause the application to fail, possibly executing arbitrary code.  An attacker exploiting this flaw would need the ability to authenticate as a valid user.

The remote host is running Kerio MailServer, a commercial mail server available for Windows, Linux and Mac OS X platforms.  According to its banner, the installed version of Kerio MailServer is affected by several issues :

 - There is a possible buffer overflow in the Visnetic antivirus plugin.

 - There is an unspecified security issue with NULL DACL in the AVG plugin.

 - Memory corruption is possible during uudecode decoding.

The version of Lotus Domino on the remote host appears to be older than 7.0.2 FP3.  According to IBM, such versions are potentially affected by an unspecified denial of service issue (SPR #WRAY6WHTCC).

The remote host appears to be running Ability SMTP Server.  According to its banner, the installed version of Ability Mail Server is affected by two issues that could cause the application to crash.  One involves messages that are changed to a blank string, the other concerns IMAP4 commands with malformed number list ranges.  It is not currently known whether either or both issues can be exploited without authentication.

IMail Client, a tool for administering Ipswitch IMail Server, is installed on the remote Windows host.  The version of IMail Client on the remote host contains a boundary error that can be triggered by a long 'boundary' parameter in when processing emails with multipart MIME data.  If an attacker can trick the Ipswitch Mail Server administrator to open a specially-crafted email using the affected application, he can leverage this issue to execute arbitrary code subject to the user's privileges.

The remote host is running a version of Lotus Domino Server that is prone to multiple attacks against the web server component.  An attacker exploiting these flaws would be able to either view confidential data or execute arbitrary code via a buffer overflow.

There is a flaw in this version of Merak mail server.  Specifically, the application fails to filter out dangerous script input to email. An attacker may be able to execute arbitrary code when the user accesses Merak via the webmail interface.  Successful exploitation would result in the attacker executing code in the remote client browser.

The remote host is running Hexamail, an SMTP server.
This version of Hexamail is vulnerable to a buffer overflow in its POP3 service when passed a large string to the 'USER' directive.  An attacker exploiting this flaw would only need to be able to connect to the POP3 port (default TCP/110) on the remote server.  Successful exploitation would result in the attacker executing arbitrary code.

The remote host is running MailMarshal Mail Server version 6.2.1 or lower.  There is a flaw in the remote version of this server.  An attacker can create an archive file such that upon opening, critical system files would be overwritten with files of the attacker's choice.  Successful exploitation would result in the attacker replacing arbitrary files.

The remote server is forwarding email in a manner consistent with many SPAM/UCE servers.  NNM observed the computer connecting to a remote SMTP server and attempting to send an email that was denied for the reason denoted above.

The remote host is running Kerio MailServer version 6.4.0 or lower.  There is a flaw in the remote version of this server.  The details of the flaw are currently unknown; however, it is alleged that the flaw would lead to remote compromise.

The remote host is running Ipswitch IMail, a commercial messaging and collaboration suite for Windows.  According to its banner, the version of Ipswitch IMail installed on the remote host has several buffer overflows in its IMAP service component, one of which can be exploited to execute arbitrary code with SYSTEM privileges prior to authentication.  In addition, there is also an denial of service issue that can cause the IM server to crash without authentication.

The remote host is running a version of Lotus Domino Server that is prone to multiple attacks against the web server component.  If this Lotus Domino install includes the web server component, there is a risk that remote users may crash the application (DoS) or that local users may escalate privileges on the local machine.

The remote host is running Ipswitch Collaboration Suite / IMail, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail installed on the remote host has several unspecified buffer overflows in various service components as well as one in an ActiveX control.  An attacker may be able to leverage these issues to crash the affected service or execute arbitrary code remotely by default with LOCAL SYSTEM privileges.

The remote host is running Trend Micro InterScan VirusWall.

The remote host is running Ipswitch IMail Server, a commercial messaging and collaboration software product for Windows.  According to its banner, the version of Ipswitch installed on the remote host has a buffer overflow issue in its SMTP server component.  The details of the exploit are not currently known.  An attacker exploiting this flaw would send a malformed SMTP command to the server.  Successful exploitation would result in arbitrary code being executed.

The remote host is running VisNetic MailServer, a commercial mail server for the Microsoft platform.  The version of VisNetic MailServer installed on the remote host fails to sanitize user-supplied input to the 'lang_settings' parameter of the 'accounts/inc/include.php' and 'admin/inc/include.php' scripts before using it to include PHP code.  An unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code after injecting it into the mail server's log file.

The remote host is running a vulnerable version of the MailEnable email server.  While the details of the flaw are unknown, it is alleged that a remote attacker can create a query such that when the MailEnable server parses the query, the service crashes.  Successful exploitation denies access to legitimate users.

The remote host is running a vulnerable version of Clearswift MAILsweeper for SMTP. Clearswift MAILseeper for SMTP versions 4.3.19 and prior are reported prone to several security issues. According to the vendor, an attacker can bypass security or render the application unavailable for legitimate users.

According to its banner, the remote sendmail server is running a version less than 8.13.7.  There is a flaw in versions of Sendmail less than 8.13.7 that would allow a remote attacker to deny resources to legitimate users.  An attacker exploiting this flaw would only need to be able to send email through the remote sendmail server.

The remote host is running Courier Mail Server, an open source mail server for Linux and Unix.  The installed version of Courier is prone to a flaw in the way that it handles malformed 'login' strings.  Specifically, an attacker who sends a username that includes a '

ID	Name	Severity
701277	Microsoft Exchange Remote Code Execution Vulnerability	High
701176	Exim < 4.92.2 RCE	Critical
700728	Exim < 4.92 RCE	High
700223	Exim < 4.90.1 Remote Code Execution	High
8734	Fortinet FortiMail Server Detection via SMTPS	Info
8731	Fortinet FortiMail Server Detection via SMTP	Info
5911	Exim < 4.76 dkim_exim_verify_finish Remote Format String Vulnerability	Medium
5752	Exim < 4.74 Local Privilege Escalation Vulnerability	High
5910	Exim < 4.70 string_format Function Remote Overflow	High
5600	Ipswitch IMail Server < 11.02 Multiple Vulnerabilities	Critical
5561	Kerio MailServer / Connect < 7.0.1 Administration Console File Disclosure and File Corruption Vulnerability	Medium
5557	Exim < 4.72 Multiple Vulnerabilities	Medium
5929	Checkpoint Firewall ESMTP Service Detection	Info
5510	MS10-024: Microsoft Exchange and Windows SMTP Service DoS (981832)	Medium
5347	XMail < 1.27 Insecure Temporary File Creation	Low
5293	Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing	Medium
5185	Ability Mail Server < 2.70 Remote Denial of Service	Medium
4800	IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS	Medium
4797	Kerio MailServer < 6.6.2 (KSEC-2008-12-16-01) Multiple XSS	Medium
4697	MailMarshal < 6.4 Spam Quarantine Management XSS	Medium
4695	Postfix Detection	Info
4469	Potential SPAM Server Detection (deprecated)	Medium
4431	NetWin SurgeMail <= 3.8k4-4 IMAP LIST Command Remote Overflow	Medium
4381	Kerio MailServer < 6.5.0 Multiple Vulnerabilities	Medium
4339	Lotus Domino < 7.0.2 FP3 Unspecified DoS	Low
4291	Ability Mail Server < 2.61 Multiple Vulnerabilities	Medium
4268	Ipswitch IMail Client < 2006.23 Multipart MIME Email Overflow	Medium
4261	Lotus Domino Multiple Vulnerabilities	Critical
4217	Merak Mail < 9.0.0 BODY Element HTML Injection	Medium
4207	Hexamail < 3.0.1.004 POP3 Service USER Command Overflow	High
4203	MailMarshal <= 6.2.1 tar Archive Traversal Arbitrary File Overwrite (deprecated)	High
4185	Potential SPAM Server Detection	Medium
4184	Potential SPAM Server Detection (relay)	Medium
4148	Kerio MailServer < 6.4.1 Attachment Filter Unspecified Issue	Medium
4141	Ipswitch IMail Server < 2006.21 Multiple Vulnerabilities	Medium
4127	Potential SPAM Server Detection	Medium
4126	Potential SPAM Server Detection (keyword)	Medium
4125	Potential SPAM Server Detection (localhost)	Medium
4124	Potential SPAM Server Detection (HELO)	Medium
4123	Potential SPAM Server Detection (pharma)	Medium
4122	Potential SPAM Server Detection	Medium
4077	Lotus Domino Web Server Multiple Vulnerabilities	High
3936	Ipswitch IMail Server < 2006.2 Multiple Overflows	Medium
3892	Trend Micro InterScan VirusWall Version Detection	Info
3738	Ipswitch IMail Server RCPT String Remote Overflow	Medium
3690	VisNetic MailServer < 8.5.0.5 lang_settings Parameter Remote File Inclusion	Medium
3670	MailEnable SMTP Service HELO Command Remote DoS	Medium
3659	Clearswift MAILsweeper for SMTP < 4.3.20 Multiple Vulnerabilities	High
3653	Sendmail < 8.13.7 Multi-part MIME Message Handling DoS	Low
3646	Courier Mail Server < 0.53.2 Crafted Username Encoding DoS	High

SMTP Servers Family for Nessus Network Monitor