4 results (0.447 seconds)

CVSS: 7.5EPSS: 32%CPEs: 7EXPL: 0

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely. • ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html http://rhn.redhat.com/errata/RHSA-2006-0276.html http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/17062 http://secunia.com/advisories/17148 http://secunia.com/advisories/17152 http://secunia.com/advisories/17215 http://secunia.com/ad •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users. • http://secunia.com/advisories/14057 http://secunia.com/advisories/14097 http://securitytracker.com/id?1013037 http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml http://www.kb.cert.org/vuls/id/702777 http://www.kb.cert.org/vuls/id/CRDY-68QSL5 http://www.mandriva.com/security/advisories?name=MDKSA-2005:026 http://www.redhat.com/support/errata/RHSA-2005-128.html http://www.securityfocus.com/bid/12391 https://oval.cisecurity.org/repository/search/definition/oval& •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. • http://online.securityfocus.com/archive/1/275127 http://www.security.nnov.ru/advisories/courier.asp http://www.securityfocus.com/bid/4909 http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 https://exchange.xforce.ibmcloud.com/vulnerabilities/9238 •

CVSS: 7.5EPSS: 32%CPEs: 4EXPL: 2

Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. • https://www.exploit-db.com/exploits/21442 https://www.exploit-db.com/exploits/21443 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487 http://marc.info/?l=bugtraq&m=102107222100529&w=2 http://online.securityfocus.com/advisories/4167 http://www.iss.net/security_center/static/9055.php http://www.kb.cert.org/vuls/id/961489 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php •