8 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. maidag en GNU Mailutils versiones anteriores 3.8, se instaló un setuid y permite una escalada de privilegios locales en el modo url. GNU Mailutils versions 2.0 through 3.7 suffer from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47703 http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS https://security.gentoo.org/glsa/202006-12 •

CVSS: 7.5EPSS: 87%CPEs: 1EXPL: 4

Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. • https://www.exploit-db.com/exploits/1234 https://www.exploit-db.com/exploits/3787 https://www.exploit-db.com/exploits/1209 http://marc.info/?l=bugtraq&m=112785181316043&w=2 http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407 http://secunia.com/advisories/16783 http://secunia.com/advisories/17020 http://www.debian.org/security/2005/dsa-841 http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml http://www.idefense.com/application/poi/display&# •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031 http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. • http://secunia.com/advisories/15442 http://securitytracker.com/id?1014052 http://www.debian.org/security/2005/dsa-732 http://www.idefense.com/application/poi/display?id=247&type=vulnerabilities http://www.securityfocus.com/bid/13765 •

CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0

Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. • http://secunia.com/advisories/15442 http://securitytracker.com/id?1014052 http://www.debian.org/security/2005/dsa-732 http://www.idefense.com/application/poi/display?id=248&type=vulnerabilities http://www.securityfocus.com/bid/13763 •