Atrium SoftwareCVEs & Vulnerabilities

14 CVEs affecting Atrium Software products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

mercur mailserver 18mercur messaging 2005 6mercur imapd 2mercur imap4 server 2mercur pop3 server 2mercur 1cassandra nntp server 1
CVE-2007-1579CRITICALpoc

Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.

22 Mar 2007
10.0
CVSS
CVE-2007-1578CRITICALpoc

Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.

22 Mar 2007
10.0
CVSS
CVE-2006-7038HIGH

Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.

23 Feb 2007
7.8
CVSS
CVE-2006-7039MEDIUM

The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.

23 Feb 2007
5.0
CVSS
CVE-2006-7040HIGH

Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.

23 Feb 2007
7.8
CVSS
CVE-2006-7041HIGH

The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.

23 Feb 2007
7.8
CVSS
CVE-2003-1322CRITICAL

Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.

31 Dec 2003
10.0
CVSS
CVE-2003-1177HIGHpoc

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

31 Dec 2003
7.5
CVSS
CVE-2002-1073HIGHpoc

Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password.

4 Oct 2002
7.5
CVSS
CVE-2001-0280CRITICALpoc

Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.

3 May 2001
10.0
CVSS
CVE-2000-0341MEDIUMpoc

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.

1 May 2000
5.0
CVSS
CVE-2000-0318HIGH

Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack.

21 Apr 2000
7.5
CVSS
CVE-2000-0198MEDIUMpoc

Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.

15 Mar 2000
5.0
CVSS
CVE-2000-0239MEDIUMpoc

Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.

15 Mar 2000
5.0
CVSS
← PrevPage 1 / 1Next →