Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| code-crafters | ability_server | 2.3.2 |
| code-crafters | ability_server | 2.3.4 |
| code-crafters | ability_server | 2.2.5 |
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| code-crafters | ability_server | 2.3.2 |
| code-crafters | ability_server | 2.3.4 |
| code-crafters | ability_server | 2.2.5 |
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| code-crafters | ability_mail_server | 1.18 |
Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| code-crafters | ability_mail_server | 3.1.1 |