Nima Majidi

**Name of the Vulnerable Software and Affected Versions** YPOPs! (aka YahooPOPS) versions 0.4 through 0.6 **Description** The issue is related to multiple stack-based buffer overflows that can be triggered by remote attackers. This can be achieved via a long POP3 USER command or an SMTP request. The overflows can cause a denial of service, leading to a crash, and potentially allow the execution of arbitrary code. **Recommendations** For YPOPs! (aka YahooPOPS) versions 0.4 through 0.6, consider restricting access to the POP3 USER command and SMTP requests until a patch is available. As a temporary workaround, limiting the length of input for these commands may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailEnable Professional Edition version 1.52 MailEnable Enterprise Edition version 1.01 **Description** The issue is related to a buffer overflow in the IMAP service, which can be exploited by remote attackers to execute arbitrary code. This can be achieved by sending either a long command string or a long string to the MEIMAP service and then terminating the connection. **Recommendations** For MailEnable Professional Edition version 1.52, update to a version that fixes the buffer overflow issue in the IMAP service. For MailEnable Enterprise Edition version 1.01, update to a version that fixes the buffer overflow issue in the IMAP service. As a temporary workaround, consider restricting access to the IMAP service to minimize the risk of exploitation.