2 results (0.010 seconds)

CVSS: 7.5EPSS: 32%CPEs: 7EXPL: 0

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely. • ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html http://rhn.redhat.com/errata/RHSA-2006-0276.html http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/17062 http://secunia.com/advisories/17148 http://secunia.com/advisories/17152 http://secunia.com/advisories/17215 http://secunia.com/ad •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. • http://online.securityfocus.com/archive/1/275127 http://www.security.nnov.ru/advisories/courier.asp http://www.securityfocus.com/bid/4909 http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 https://exchange.xforce.ibmcloud.com/vulnerabilities/9238 •