CVSS: 9.8EPSS: 15%CPEs: 8EXPL: 1CVE-2004-0777 – Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format String
https://notcve.org/view.php?id=CVE-2004-0777
19 Aug 2004 — Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. Vulnerabilidad de cadena de formato en la función auth_debug en Courier-IMAP 1.6.0 a 2.2.1, cuando se activa el registro de depuración (DEBUG_LOGIN), permite a atacantes remotos ejecutar código de su elección. • https://www.exploit-db.com/exploits/432 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.8EPSS: 12%CPEs: 1EXPL: 2CVE-2004-0591 – SqWebMail 4.0.4.20040524 - Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0591
24 Jun 2004 — Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función print_header_uc de SqWebMail 4.0.4 y anteriores, y posiblemente 3.x, permite a atacantes remotos inyectar script web arbitrario o HTML mediante (1) cabec... • https://www.exploit-db.com/exploits/24227 •
CVSS: 9.8EPSS: 3%CPEs: 22EXPL: 0CVE-2004-0224
https://notcve.org/view.php?id=CVE-2004-0224
16 Mar 2004 — Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." Múltiples desobordamientos de búfer en (1) iso2022jp.c o (2) shiftjis.c de Courier-IMAP anteriores a 3.0.0, Courier anteriores a 0.45, y SQWebMail anteriores a 4.0.0 pueden permitir a atacantes remotos ejecutar código arbitrario "cuando el carácter Unicode está fuera de ... • http://secunia.com/advisories/11087 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 3CVE-2002-1414 – qmailadmin 1.0.x - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1414
11 Apr 2003 — Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. Desbordamiento de búfer en qmailadmin permite a usuarios locales ganar privilegios mediante una varibale de entorno QMAILADMIN_TEMPLATEDIR larga. • https://www.exploit-db.com/exploits/21683 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0040
https://notcve.org/view.php?id=CVE-2003-0040
19 Feb 2003 — SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. Vulnerabilidad de inyección de SQL en módulo auth de PostgreSQL en courier 0.40 y anteriores permite a atacantes remotos ejecutar código SQL mediante el nombre de usuario. • http://www.debian.org/security/2003/dsa-247 •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2001-0990
https://notcve.org/view.php?id=CVE-2001-0990
04 Sep 2001 — Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. • http://www.inter7.com/vpopmail/ChangeLog •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0583
https://notcve.org/view.php?id=CVE-2000-0583
30 Jun 2000 — vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives. • http://www.securityfocus.com/bid/1418 •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 1CVE-2000-0091 – Inter7 vpopmail (vchkpw) 3.4.11 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0091
21 Jan 2000 — Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. • https://www.exploit-db.com/exploits/19727 •