3 results (0.003 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session. Se ha detectado un problema en el componente POP3 de Courier Mail Server versiones anteriores a 1.1.5. Unos atacantes de tipo Meddler-in-the-middle pueden canalizar comandos después del comando POP3 STLS, inyectando comandos en texto plano en una sesión de usuario cifrada • https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 https://sourceforge.net/p/courier/mailman/message/37329216 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920 http://secunia.com/advisories/17919 http://secunia.com/advisories/17999 http://www.debian.org/security/2005/dsa-917 http://www.securityfocus.com/bid/15771 https://exchange.xforce.ibmcloud.com/vulnerabilities/23532 https://usn.ubuntu.com/226-1 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. • http://secunia.com/advisories/15901 http://www.courier-mta.org/?changelog.html •