vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2)...
6.9AI Score
0.017EPSS
Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a...
7.1AI Score
0.004EPSS
Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary...
8AI Score
0.007EPSS
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting...
7AI Score
0.012EPSS
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or...
7.4AI Score
0.041EPSS