MDaemon POP3 Server USER / APOP Command Remote Overflow

Network Security News – Monday, August 28, 2006 Events

MDaemon POP3 Server USER / APOP Command Remote Overflow

A remote overflow exists in Alt-N Technologies MDaemon. It fails to validate 'USER' and 'APOP' commands resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause boundary errors in POP3 server resulting in a loss of integrity.. Read more at osvdb.org/28125

Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Variable Remote File Inclusion

Tutti Nova contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.novaEdit.mysql.php not properly sanitizing user input supplied to the 'TNLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28028

Tutti Nova class.novaRead.mysql.php TNLIB_DIR Variable Remote File Inclusion

Tutti Nova contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.novaRead.mysql.php not properly sanitizing user input supplied to the 'TNLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28030

Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Variable Remote File Inclusion

Tutti Nova contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.novaAdmin.mysql.php not properly sanitizing user input supplied to the 'TNLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/28029