CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2937 – postfix improper mailbox permissions
https://notcve.org/view.php?id=CVE-2008-2937
18 Aug 2008 — Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. Postfix 2.5 anterior a 2.5.4 y 2.6 anterior a 2.6-20080814 envía a un archivo buzón incluso cuando este archivo no es propiedad del receptor, lo que permite a usuarios locales leer mensajes de correo creando un archivo buzón correspondiente con el nombre de c... • ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 0CVE-2005-0337
https://notcve.org/view.php?id=CVE-2005-0337
10 Feb 2005 — Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2003-0468
https://notcve.org/view.php?id=CVE-2003-0468
05 Aug 2003 — Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. Postfix 1.1.11 y anteriores permite a atacantes remotos usar Postfix para llevar a cabo "escaneos de rebote" o ataques de denegación de servicio distribuidos (DDoS) contra otr... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 •
CVSS: 7.5EPSS: 54%CPEs: 9EXPL: 2CVE-2003-0540 – Postfix 1.1.x - Denial of Service
https://notcve.org/view.php?id=CVE-2003-0540
05 Aug 2003 — The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. El código de procesamiento de direcciones en Postfix 1.1.12 y anteriores permite a atacan... • https://www.exploit-db.com/exploits/22981 •