CVE-2001-0192
XMail < 0.66 - Buffer Overflow via CTRLServer cfgfileget or domaindel Functions
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2001-0192. PoCs published by isno.
AI-analyzed exploit summary
This exploit targets a buffer overflow in XMail CTRLServer's cfgfileget command, allowing remote code execution with root privileges. It uses a bind shell shellcode to open a port for remote access.
Description
Buffer overflows in CTRLServer in XMail allow attackers to execute arbitrary commands via the cfgfileget or domaindel functions.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by isno · c · remote · linux
https://www.exploit-db.com/exploits/20622
Classification
Working Poc 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target:
XMail 0.65/0.66
Auth required
Prerequisites:
Valid username and password for XMail CTRLServer · Network access to target on port 6017
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Various Sources x_refsource_confirm
http://xmailserver.org/XMail-Readme.txt
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-02/0047.html
Scores
EPSS
0.0809
EPSS Percentile
94.1%
Details
Status
published
Products (1)
davide_libenzi/xmail
< 0.66
Published
May 03, 2001
Tracked Since
Feb 18, 2026