CVE-2007-4211 – Dovecot possible privilege escalation in ACL plugin
https://notcve.org/view.php?id=CVE-2007-4211
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. • http://secunia.com/advisories/26320 http://secunia.com/advisories/26475 http://secunia.com/advisories/30342 http://www.dovecot.org/list/dovecot-news/2007-August/000048.html http://www.redhat.com/support/errata/RHSA-2008-0297.html http://www.securityfocus.com/bid/25182 https://exchange.xforce.ibmcloud.com/vulnerabilities/35767 https://issues.rpath.com/browse/RPL-1621 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11558 https://access.redhat.com •
CVE-2006-2414
https://notcve.org/view.php?id=CVE-2006-2414
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. • http://dovecot.org/list/dovecot-cvs/2006-May/005563.html http://secunia.com/advisories/20308 http://secunia.com/advisories/20315 http://securityreason.com/securityalert/913 http://www.debian.org/security/2006/dsa-1080 http://www.dovecot.org/list/dovecot-news/2006-May/000006.html http://www.securityfocus.com/archive/1/433878/100/0/threaded http://www.securityfocus.com/bid/17961 http://www.vupen.com/english/advisories/2006/2013 https://exchange.xforce.ibmcloud.com/vulnerabili •
CVE-2006-0730
https://notcve.org/view.php?id=CVE-2006-0730
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability. • http://secunia.com/advisories/18870 http://www.dovecot.org/list/dovecot/2006-February/011367.html http://www.securityfocus.com/bid/16672 http://www.vupen.com/english/advisories/2006/0549 https://exchange.xforce.ibmcloud.com/vulnerabilities/24709 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •