D4Rkgr3Y

**Name of the Vulnerable Software and Affected Versions** MDaemon versions 6.7.5 and earlier **Description** The issue is related to a buffer overflow in the IMAP service, allowing remote authenticated users to cause a denial of service (crash) and potentially execute arbitrary code. This can be achieved by sending a CREATE command with a long mailbox name. **Recommendations** For MDaemon versions 6.7.5 and earlier, update to a version later than 6.7.5 to resolve the issue. As a temporary workaround, consider restricting access to the IMAP service or limiting the length of mailbox names to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: Son hServer version 0.2 Description: The issue allows remote attackers to read arbitrary files via ".|." (modified dot-dot) sequences, which is a type of directory traversal attack. This can potentially lead to unauthorized access to sensitive information. Recommendations: For Son hServer version 0.2, update to a newer version that addresses this issue, if available. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Magic WinMail Server versions 2.3 and possibly other 2.x versions Description: The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the "PASS command". Recommendations: For Magic WinMail Server version 2.3, update to a version that fixes this issue. For other possibly affected 2.x versions, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the PASS command until a patch is available.

Name of the Vulnerable Software and Affected Versions: ST FTP Service version 3.0 Description: A directory traversal issue allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument, such as `E:`. Recommendations: For ST FTP Service version 3.0, consider restricting access to the CD command or disabling it until a patch is available to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: Prishtina FTP client versions 1.x Description: A buffer overflow issue allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner. Recommendations: For Prishtina FTP client versions 1.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.