Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MailEnable SMTP NTLM认证多个预认证漏洞
Vulnerability Description
MailEnable是一款商业性质的POP3和SMTP服务器。 MailEnable的NTLM认证过程中SMTP连接器存在3个预认证漏洞。 1. 在处理NTLM Type1消息的签名字段时存在缓冲区溢出,可能导致执行任意代码; 2. 在处理base64编码的NTLM Type1消息中安全缓冲区时存在越界读取,可能导致拒绝服务; 3. 在Type3消息的base64编码过程中存在越界读取,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A