5 results (0.006 seconds)

CVSS: 7.8EPSS: 8%CPEs: 8EXPL: 0

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834 http://secunia.com/advisories/20519 http://secunia.com/advisories/20548 http://secunia.com/advisories/20792 http://secunia.com/advisories/21350 http://security.gentoo.org/glsa/glsa-200608-06.xml http://securitytracker.com/id?1016248 http://www.courier-mta.org/beta/patches/verp-fix/README.txt http://www.debian.org/security/2006/dsa-1101 http://www.securityfocus.com/bid/18345 http://www.vupen.com/english/advisori •

CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." Múltiples desobordamientos de búfer en (1) iso2022jp.c o (2) shiftjis.c de Courier-IMAP anteriores a 3.0.0, Courier anteriores a 0.45, y SQWebMail anteriores a 4.0.0 pueden permitir a atacantes remotos ejecutar código arbitrario "cuando el carácter Unicode está fuera de rango BMP". • http://secunia.com/advisories/11087 http://sourceforge.net/project/shownotes.php?release_id=5767 http://www.securityfocus.com/bid/9845 https://exchange.xforce.ibmcloud.com/vulnerabilities/15434 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. Vulnerabilidad de inyección de SQL en módulo auth de PostgreSQL en courier 0.40 y anteriores permite a atacantes remotos ejecutar código SQL mediante el nombre de usuario. • http://www.debian.org/security/2003/dsa-247 http://www.securityfocus.com/bid/6738 https://exchange.xforce.ibmcloud.com/vulnerabilities/11213 •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files. Courier sqwebmail antes de 0.40.0 no deja privilegios rápidamente despues del inicio, lo que podría permitir a usuarios locales leer ficheros arbitrarios. • http://marc.info/?l=bugtraq&m=103794021013436&w=2 http://www.debian.org/security/2002/dsa-197 http://www.iss.net/security_center/static/10643.php http://www.securityfocus.com/bid/6189 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. • http://sourceforge.net/project/shownotes.php?release_id=93065 http://www.iss.net/security_center/static/9228.php http://www.osvdb.org/5052 http://www.securityfocus.com/bid/4908 •