Dennis Rand

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.

Name of the Vulnerable Software and Affected Versions: Novell NetMail versions prior to 3.52e FTF2 Description: The issue is related to a stack-based buffer overflow in the IMAP daemon. This occurs when a long argument is passed to the SUBSCRIBE command, allowing remote authenticated users to execute arbitrary code. Recommendations: For versions prior to 3.52e FTF2, update to version 3.52e FTF2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SUBSCRIBE command in the IMAP daemon until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Novell NetMail versions prior to 3.52e FTF2 **Description** The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved in two ways: by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow, or via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. **Recommendations** For Novell NetMail versions prior to 3.52e FTF2, update to version 3.52e FTF2 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMAPD and NMAP daemon to minimize the risk of exploitation. Avoid using crafted arguments to the STOR command until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Novell NetMail versions prior to 3.52e FTF2 Description: The issue allows remote authenticated users to cause a denial of service. This is achieved via an APPEND command with a single "(" (parenthesis) in the argument. Recommendations: For versions prior to 3.52e FTF2, update to version 3.52e FTF2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sentinel License Manager version 7.2.0.2 **Description** The issue is related to a buffer overflow in the Sentinel LM (Lservnt) service. This allows remote attackers to execute arbitrary code by sending a large amount of data to the UDP port 5093. **Recommendations** For Sentinel License Manager version 7.2.0.2, consider restricting access to UDP port 5093 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CMailServer version 4.0.2003.03.27 Description: The issue concerns multiple buffer overflows in the SMTP Service for ESMTP, allowing remote attackers to execute arbitrary code. This can be achieved by sending long commands, specifically the `MAIL FROM` or `RCPT TO` commands. Recommendations: For CMailServer version 4.0.2003.03.27, consider restricting the length of `MAIL FROM` and `RCPT TO` commands to prevent buffer overflows until a patch is available. Additionally, limiting access to the SMTP Service can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: FTGatePro version 1.22 Description: The issue concerns multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by sending long commands, specifically the MAIL FROM or RCPT TO commands. Recommendations: For FTGatePro version 1.22, update to a version that contains a fix for this issue to prevent remote attackers from executing arbitrary code.