Page 2 of 10 results (0.010 seconds)

CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. El procesador de argumentos de la orden PARTIAL de Cyrus IMAP Server 2.2.6 y anteriores permite a usuarios remotos autentificados ejecutar código de su elección mediante una cierta orden ("body[p") que es tratada como una orden distinta ("body.peek") y produce un error de incremento de índice que conduce a una corrupción de memoria fuera de límites. • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html http://marc.info/?l=bugtraq&m=110123023521619&w=2 http://secunia.com/advisories/13274 http://security.e-matters.de/advisories/152004.html http://security.gentoo.org/glsa/glsa-200411-34.xml http://www.debian.org/security/2004/dsa-597 http://www.mandriva.com/security/advisories?name=MDKSA-2004:139 https://exchange.xforce.ibmcloud.com/vu •

CVSS: 10.0EPSS: 10%CPEs: 23EXPL: 0

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. El procesador de argumentos de la orden FETCH de Cyrus IMAP Server 2.2.x a 2.2.8 permite a usuarios remotos autenticados ejecutar código de su elección mediante ciertos comandos como (1) "body[p", (2) "binary[p", o (3) "binary[p" que producen un error de incremento de índice que conduce a una corrupción de memoria fuera de límites. • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html http://marc.info/?l=bugtraq&m=110123023521619&w=2 http://secunia.com/advisories/13274 http://security.e-matters.de/advisories/152004.html http://security.gentoo.org/glsa/glsa-200411-34.xml http://www.debian.org/security/2004/dsa-597 http://www.mandriva.com/security/advisories?name=MDKSA-2004:139 https://www.ubuntu.com/usn/usn-31& •

CVSS: 7.5EPSS: 38%CPEs: 6EXPL: 3

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347. Desbordamiento de enteros en imapparse.c de Cyrus IMAP server 1.4 y 2.1.10 permite a atacantes remotos ejecutar código arbitrario mediante un valor de longitud grande que facilita un ataque de desbordamiento de búfer, una vulnerabilidad distinta de CAN-2002-1347. • https://www.exploit-db.com/exploits/22061 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557 http://www.debian.org/security/2002/dsa-215 http://www.kb.cert.org/vuls/id/740169 http://www.securityfocus.com/archive/1/301864 http://www.securityfocus.com/bid/6298 https://exchange.xforce.ibmcloud.com/vulnerabilities/10744 •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. • http://www.securityfocus.com/archive/1/211056 http://www.securityfocus.com/bid/3260 https://exchange.xforce.ibmcloud.com/vulnerabilities/7053 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. • http://www.redhat.com/support/errata/RHSA-2000-094.html http://www.securityfocus.com/bid/1875 https://exchange.xforce.ibmcloud.com/vulnerabilities/5427 •