CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2003-0721
https://notcve.org/view.php?id=CVE-2003-0721
12 Sep 2003 — Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. Error de falta de signo de entero en rfc2231_get_param de strings.c en PINE anteriores a 4.58 permite a atacantes remotos ejecutar mediante un correo electrónico que causa un acceso fuera de límites de un array usando un número negativo. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html • CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2001-0736 – University of Washington Pico 3.x/4.x - File Overwrite
https://notcve.org/view.php?id=CVE-2001-0736
12 Oct 2001 — Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. • https://www.exploit-db.com/exploits/20493 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-1999-1187
https://notcve.org/view.php?id=CVE-1999-1187
26 Aug 1996 — Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. • http://marc.info/?l=bugtraq&m=87602167419803&w=2 •