cvelistv5 - CVE-2007-3927

CVE-2007-3927 (GCVE-0-2007-3927)

Vulnerability from cvelistv5 – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2574	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/24962	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/45819	vdb-entryx_refsource_OSVDB
	http://docs.ipswitch.com/IMail%202006.21/ReleaseN…	x_refsource_CONFIRM
	http://osvdb.org/45818	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1018421	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/26123	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2574",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2574"
          },
          {
            "name": "24962",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24962"
          },
          {
            "name": "ipswitch-imail-subscribe-bo(35505)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
          },
          {
            "name": "45819",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
          },
          {
            "name": "45818",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45818"
          },
          {
            "name": "1018421",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018421"
          },
          {
            "name": "ipswitch-imail-imailsec-bo(35504)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
          },
          {
            "name": "26123",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26123"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2574",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2574"
        },
        {
          "name": "24962",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24962"
        },
        {
          "name": "ipswitch-imail-subscribe-bo(35505)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
        },
        {
          "name": "45819",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
        },
        {
          "name": "45818",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45818"
        },
        {
          "name": "1018421",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018421"
        },
        {
          "name": "ipswitch-imail-imailsec-bo(35504)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
        },
        {
          "name": "26123",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26123"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2574",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2574"
            },
            {
              "name": "24962",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24962"
            },
            {
              "name": "ipswitch-imail-subscribe-bo(35505)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
            },
            {
              "name": "45819",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45819"
            },
            {
              "name": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease",
              "refsource": "CONFIRM",
              "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
            },
            {
              "name": "45818",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45818"
            },
            {
              "name": "1018421",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018421"
            },
            {
              "name": "ipswitch-imail-imailsec-bo(35504)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
            },
            {
              "name": "26123",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26123"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3927",
    "datePublished": "2007-07-21T00:00:00",
    "dateReserved": "2007-07-20T00:00:00",
    "dateUpdated": "2024-08-07T14:37:05.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2006.2\", \"matchCriteriaId\": \"B64F51E1-D2B5-4E9D-962E-2DCD2B82919B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2006.2\", \"matchCriteriaId\": \"DEFD422E-19B4-4789-BA0D-42C90C4A5AE9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \\\"subscribe.\\\"\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en Ipswitch IMail Server 2006 versiones anteriores a 2006.21 (1) permiten a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante vectores no especificados en Imailsec y (2) permiten a atacantes remotos tener un impacto desconocido mediante un vector no especificado relativo a \\\"suscribir\\\".\"}]",
      "id": "CVE-2007-3927",
      "lastModified": "2024-11-21T00:34:23.433",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-07-21T00:30:00.000",
      "references": "[{\"url\": \"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://osvdb.org/45818\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/45819\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26123\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24962\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018421\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2574\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35504\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35505\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://osvdb.org/45818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/45819\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26123\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24962\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018421\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2574\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35504\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3927\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-21T00:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \\\"subscribe.\\\"\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en Ipswitch IMail Server 2006 versiones anteriores a 2006.21 (1) permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados en Imailsec y (2) permiten a atacantes remotos tener un impacto desconocido mediante un vector no especificado relativo a \\\"suscribir\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2006.2\",\"matchCriteriaId\":\"B64F51E1-D2B5-4E9D-962E-2DCD2B82919B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2006.2\",\"matchCriteriaId\":\"DEFD422E-19B4-4789-BA0D-42C90C4A5AE9\"}]}]}],\"references\":[{\"url\":\"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/45818\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/45819\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26123\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24962\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018421\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2574\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35504\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35505\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/45818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/45819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24962\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200707-0112

Vulnerability from variot - Updated: 2023-12-18 12:58

Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe.". Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. The IMailsec.dll component uses the lstrcpyA() function to copy the data provided by the user to a fixed-length heap buffer when trying to authenticate the user, so an attacker can trigger an overflow by submitting an overlong authentication request, resulting in arbitrary code execution.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows

SECUNIA ADVISORY ID: SA26123

VERIFY ADVISORY: http://secunia.com/advisories/26123/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/

DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server and Collaboration Suite, which can be exploited by malicious users and malicious people to compromise a vulnerable system.

1) A boundary error in the processing of the IMAP "SEARCH" command can be exploited to cause a stack-based buffer overflow.

2) A boundary error in the processing of the IMAP "SEARCH CHARSET" command can be exploited to cause a heap-based buffer overflow.

Vulnerabilities #1 and #2 are reported in version 6.8.8.1 of imapd32.exe.

3) A boundary error in Imailsec can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code.

4) A boundary error in "subscribe" can be exploited to cause a buffer overflow. No further information is currently available.

Vulnerabilities #3 and #4 are reported in Ipswitch IMail Server and Collaboration Suite prior to version 2006.21.

SOLUTION: Update to IMail Server version 2006.21. http://www.ipswitch.com/support/imail/releases/im200621.asp

Update to Ipswitch Collaboration Suite 2006.21. http://www.ipswitch.com/support/ics/updates/ics200621.asp

PROVIDED AND/OR DISCOVERED BY: 1) Manuel Santamarina Suarez, reported via iDefense Labs. 2) An anonymous person, reported via iDefense Labs. 3, 4) The vendor credits TippingPoint and the Zero Day Initiative.

ORIGINAL ADVISORY: IPSwitch: http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.ipswitch.com/support/ics/updates/ics200621.asp

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0112",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "imail server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "2006.2"
      },
      {
        "model": "collaboration suite",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "2006.2"
      },
      {
        "model": "imail server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "model": "imail server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "2006.21"
      },
      {
        "model": "collaboration suite",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "2006.2"
      },
      {
        "model": "imail server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "2006.2"
      },
      {
        "model": "imail server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "model": "imail server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006.21"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2006.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2006.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Manuel Santamarina Suarez",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-3927",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-3927",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-27289",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-3927",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-386",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27289",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\". Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. \nSuccessful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. \nIpswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. The IMailsec.dll component uses the lstrcpyA() function to copy the data provided by the user to a fixed-length heap buffer when trying to authenticate the user, so an attacker can trigger an overflow by submitting an overlong authentication request, resulting in arbitrary code execution. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server/Collaboration Suite Multiple Buffer Overflows\n\nSECUNIA ADVISORY ID:\nSA26123\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26123/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Server 2006\nhttp://secunia.com/product/8653/\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ipswitch IMail Server and\nCollaboration Suite, which can be exploited by malicious users and\nmalicious people to compromise a vulnerable system. \n\n1) A boundary error in the processing of the IMAP \"SEARCH\" command\ncan be exploited to cause a stack-based buffer overflow. \n\n2) A boundary error in the processing of the IMAP \"SEARCH CHARSET\"\ncommand can be exploited to cause a heap-based buffer overflow. \n\nVulnerabilities #1 and #2 are reported in version 6.8.8.1 of\nimapd32.exe. \n\n3) A boundary error in Imailsec can be exploited to cause a\nheap-based buffer overflow and allows execution of arbitrary code. \n\n4) A boundary error in \"subscribe\" can be exploited to cause a buffer\noverflow. No further information is currently available. \n\nVulnerabilities #3 and #4 are reported in Ipswitch IMail Server and\nCollaboration Suite prior to version 2006.21. \n\nSOLUTION:\nUpdate to IMail Server version 2006.21. \nhttp://www.ipswitch.com/support/imail/releases/im200621.asp\n\nUpdate to Ipswitch Collaboration Suite 2006.21. \nhttp://www.ipswitch.com/support/ics/updates/ics200621.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Manuel Santamarina Suarez, reported via iDefense Labs. \n2) An anonymous person, reported via iDefense Labs. \n3, 4) The vendor credits TippingPoint and the Zero Day Initiative. \n\nORIGINAL ADVISORY:\nIPSwitch:\nhttp://www.ipswitch.com/support/imail/releases/im200621.asp\nhttp://www.ipswitch.com/support/ics/updates/ics200621.asp\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "db": "BID",
        "id": "24962"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "db": "PACKETSTORM",
        "id": "57869"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-27289",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3927",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "24962",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26123",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "45818",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "45819",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018421",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2574",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "35504",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "35505",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-042",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-043",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4228",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-27289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57869",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "db": "BID",
        "id": "24962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "db": "PACKETSTORM",
        "id": "57869"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "id": "VAR-200707-0112",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:58:44.433000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Release notes for IMail Server 2006.21 (v9.21)",
        "trust": 0.8,
        "url": "http://docs.ipswitch.com/imail%202006.21/releasenotes/imail_relnotes.htm#newrelease"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://docs.ipswitch.com/imail%202006.21/releasenotes/imail_relnotes.htm#newrelease"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/24962"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/45818"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/45819"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018421"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26123"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2574"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3927"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3927"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2574"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35505"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35504"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/imail_server/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-07-042.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-07-043.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/474040"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/474552"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/474553"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26123/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8653/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8652/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/ics/updates/ics200621.asp"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "db": "BID",
        "id": "24962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "db": "PACKETSTORM",
        "id": "57869"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "db": "BID",
        "id": "24962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "db": "PACKETSTORM",
        "id": "57869"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "date": "2007-07-18T00:00:00",
        "db": "BID",
        "id": "24962"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "date": "2007-07-20T05:47:25",
        "db": "PACKETSTORM",
        "id": "57869"
      },
      {
        "date": "2007-07-21T00:30:00",
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "date": "2007-07-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27289"
      },
      {
        "date": "2016-07-05T21:38:00",
        "db": "BID",
        "id": "24962"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      },
      {
        "date": "2017-07-29T01:32:37.677000",
        "db": "NVD",
        "id": "CVE-2007-3927"
      },
      {
        "date": "2007-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch IMail Server 2006 Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004155"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-386"
      }
    ],
    "trust": 0.6
  }
}

GHSA-RGW4-FQ4J-G37Q

Vulnerability from github – Published: 2022-05-01 18:18 – Updated: 2022-05-01 18:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3927"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-21T00:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\"",
  "id": "GHSA-rgw4-fq4j-g37q",
  "modified": "2022-05-01T18:18:39Z",
  "published": "2022-05-01T18:18:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3927"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
    },
    {
      "type": "WEB",
      "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/45818"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/45819"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26123"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24962"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018421"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2574"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-3927

Vulnerability from fkie_nvd - Published: 2007-07-21 00:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease	Patch
cve@mitre.org	http://osvdb.org/45818
cve@mitre.org	http://osvdb.org/45819
cve@mitre.org	http://secunia.com/advisories/26123
cve@mitre.org	http://www.securityfocus.com/bid/24962	Patch
cve@mitre.org	http://www.securitytracker.com/id?1018421
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2574
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35504
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35505
af854a3a-2127-422b-91ae-364da2661108	http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/45818
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/45819
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26123
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24962	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018421
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2574
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35504
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35505

Impacted products

	Vendor	Product	Version
	ipswitch	imail_server	*
	ipswitch	ipswitch_collaboration_suite	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64F51E1-D2B5-4E9D-962E-2DCD2B82919B",
              "versionEndIncluding": "2006.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFD422E-19B4-4789-BA0D-42C90C4A5AE9",
              "versionEndIncluding": "2006.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en Ipswitch IMail Server 2006 versiones anteriores a 2006.21 (1) permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados en Imailsec y (2) permiten a atacantes remotos tener un impacto desconocido mediante un vector no especificado relativo a \"suscribir\"."
    }
  ],
  "id": "CVE-2007-3927",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-21T00:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/45818"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/45819"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26123"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24962"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018421"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2574"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/45818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/45819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-3927

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3927

Aliases

CVE-2007-3927

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3927",
    "description": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\"",
    "id": "GSD-2007-3927"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3927"
      ],
      "details": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\"",
      "id": "GSD-2007-3927",
      "modified": "2023-12-13T01:21:41.674228Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3927",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2574",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2574"
          },
          {
            "name": "24962",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24962"
          },
          {
            "name": "ipswitch-imail-subscribe-bo(35505)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
          },
          {
            "name": "45819",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/45819"
          },
          {
            "name": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease",
            "refsource": "CONFIRM",
            "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
          },
          {
            "name": "45818",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/45818"
          },
          {
            "name": "1018421",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018421"
          },
          {
            "name": "ipswitch-imail-imailsec-bo(35504)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
          },
          {
            "name": "26123",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26123"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2006.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2006.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3927"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"
            },
            {
              "name": "24962",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/24962"
            },
            {
              "name": "1018421",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018421"
            },
            {
              "name": "26123",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26123"
            },
            {
              "name": "45818",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/45818"
            },
            {
              "name": "45819",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/45819"
            },
            {
              "name": "ADV-2007-2574",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2574"
            },
            {
              "name": "ipswitch-imail-subscribe-bo(35505)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505"
            },
            {
              "name": "ipswitch-imail-imailsec-bo(35504)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:32Z",
      "publishedDate": "2007-07-21T00:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3927 (GCVE-0-2007-3927)

VAR-200707-0112

GHSA-RGW4-FQ4J-G37Q

FKIE_CVE-2007-3927

GSD-2007-3927

Tags

Sightings

Nomenclature