8 results (0.010 seconds)

CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. Vulnerabilidad de evaluación directa de código dinámico (eval injection) en (1) courier-imapd.indirect y (2) courier-pop3d.indirect en Courier-IMAP anterior a 4.0.6-r2, y 4.1.x anterior a 4.1.2-r1, en Gentoo Linux permite a atacantes remotos ejecutar comandos de su elección a través de la variable XMAILDIR, relacionada con la variable LOGINRUN. • http://bugs.gentoo.org/show_bug.cgi?id=168196 http://osvdb.org/35274 http://secunia.com/advisories/24963 http://security.gentoo.org/glsa/glsa-200704-18.xml http://www.securityfocus.com/bid/23589 https://exchange.xforce.ibmcloud.com/vulnerabilities/33805 •

CVSS: 7.8EPSS: 8%CPEs: 8EXPL: 0

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834 http://secunia.com/advisories/20519 http://secunia.com/advisories/20548 http://secunia.com/advisories/20792 http://secunia.com/advisories/21350 http://security.gentoo.org/glsa/glsa-200608-06.xml http://securitytracker.com/id?1016248 http://www.courier-mta.org/beta/patches/verp-fix/README.txt http://www.debian.org/security/2006/dsa-1101 http://www.securityfocus.com/bid/18345 http://www.vupen.com/english/advisori •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920 http://secunia.com/advisories/17919 http://secunia.com/advisories/17999 http://www.debian.org/security/2005/dsa-917 http://www.securityfocus.com/bid/15771 https://exchange.xforce.ibmcloud.com/vulnerabilities/23532 https://usn.ubuntu.com/226-1 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. • http://secunia.com/advisories/15901 http://www.courier-mta.org/?changelog.html •

CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." Múltiples desobordamientos de búfer en (1) iso2022jp.c o (2) shiftjis.c de Courier-IMAP anteriores a 3.0.0, Courier anteriores a 0.45, y SQWebMail anteriores a 4.0.0 pueden permitir a atacantes remotos ejecutar código arbitrario "cuando el carácter Unicode está fuera de rango BMP". • http://secunia.com/advisories/11087 http://sourceforge.net/project/shownotes.php?release_id=5767 http://www.securityfocus.com/bid/9845 https://exchange.xforce.ibmcloud.com/vulnerabilities/15434 •