
CVE-2007-2173
https://notcve.org/view.php?id=CVE-2007-2173
24 Apr 2007 — Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. • http://bugs.gentoo.org/show_bug.cgi?id=168196 •

CVE-2006-2659
https://notcve.org/view.php?id=CVE-2006-2659
30 May 2006 — libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834 •

CVE-2005-3532
https://notcve.org/view.php?id=CVE-2005-3532
11 Dec 2005 — authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920 •

CVE-2005-2151
https://notcve.org/view.php?id=CVE-2005-2151
06 Jul 2005 — spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. • http://secunia.com/advisories/15901 •

CVE-2004-0224
https://notcve.org/view.php?id=CVE-2004-0224
16 Mar 2004 — Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." • http://secunia.com/advisories/11087 •

CVE-2003-0040
https://notcve.org/view.php?id=CVE-2003-0040
19 Feb 2003 — SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. • http://www.debian.org/security/2003/dsa-247 •

CVE-2002-1311
https://notcve.org/view.php?id=CVE-2002-1311
29 Nov 2002 — Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files. • http://marc.info/?l=bugtraq&m=103794021013436&w=2 •

CVE-2002-0914
https://notcve.org/view.php?id=CVE-2002-0914
04 Oct 2002 — Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. • http://sourceforge.net/project/shownotes.php?release_id=93065 •