CVSS: 5.3EPSS: 21%CPEs: 8EXPL: 6CVE-2023-51764 – postfix: SMTP smuggling vulnerability
https://notcve.org/view.php?id=CVE-2023-51764
24 Dec 2023 — Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-10140 – libdb: Reads DB_CONFIG from the current working directory
https://notcve.org/view.php?id=CVE-2017-10140
22 Nov 2017 — Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory. Postfix, en versiones anteriores a la 2.11.10, versiones 3.0.x anteriores a la 3.0.10, versiones 3.1.x anteriores a la 3.1.6 y versiones 3.2.x anteriores a la 3.2.2, podría permitir que usuarios locales obtengan privilegios aprovechando una ... • http://seclists.org/oss-sec/2017/q3/285 •
CVSS: 8.8EPSS: 0%CPEs: 45EXPL: 1CVE-2012-0811
https://notcve.org/view.php?id=CVE-2012-0811
01 Oct 2014 — Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. Múltiples vulnerabilidades de inyección SQL en Postfix Admin (también conocido como postfixadmin) anterior a 2.3.5 permiten a usuarios remotos autenticados ejecutar comandos SQL a través de (... • http://www.codseq.it/advisories/multiple_vulnerabilities_in_postfixadmin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2003-0468
https://notcve.org/view.php?id=CVE-2003-0468
05 Aug 2003 — Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. Postfix 1.1.11 y anteriores permite a atacantes remotos usar Postfix para llevar a cabo "escaneos de rebote" o ataques de denegación de servicio distribuidos (DDoS) contra otr... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717 •
CVSS: 7.5EPSS: 54%CPEs: 9EXPL: 2CVE-2003-0540 – Postfix 1.1.x - Denial of Service
https://notcve.org/view.php?id=CVE-2003-0540
05 Aug 2003 — The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. El código de procesamiento de direcciones en Postfix 1.1.12 y anteriores permite a atacan... • https://www.exploit-db.com/exploits/22981 •