2 results (0.009 seconds)

CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 1

Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. Vulnerabilidad de cadena de formato en la función auth_debug en Courier-IMAP 1.6.0 a 2.2.1, cuando se activa el registro de depuración (DEBUG_LOGIN), permite a atacantes remotos ejecutar código de su elección. • https://www.exploit-db.com/exploits/432 http://security.gentoo.org/glsa/glsa-200408-19.xml http://www.securityfocus.com/bid/10976 http://www.trustix.net/errata/2004/0043 http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=131 https://exchange.xforce.ibmcloud.com/vulnerabilities/17034 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." Múltiples desobordamientos de búfer en (1) iso2022jp.c o (2) shiftjis.c de Courier-IMAP anteriores a 3.0.0, Courier anteriores a 0.45, y SQWebMail anteriores a 4.0.0 pueden permitir a atacantes remotos ejecutar código arbitrario "cuando el carácter Unicode está fuera de rango BMP". • http://secunia.com/advisories/11087 http://sourceforge.net/project/shownotes.php?release_id=5767 http://www.securityfocus.com/bid/9845 https://exchange.xforce.ibmcloud.com/vulnerabilities/15434 •