• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NullLogic Null Webmail Format String Vulnerability

A format string vulnerability has been reported for Null Webmail 0.64. Allegedly, there exists errors in the server code. By supplying maliciously contructed format strings to the vulnerable functions, it may be possible to corrupt memory with attacker-supplied data. This may result in arbitrary code execution with the privileges of the server.