Lucene search
K

96 matches found

Cvelist
Cvelist
added 2006/05/16 10:0 a.m.19 views

CVE-2006-2414

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the 1 LIST or 2 DELETE IMAP command...

6.3AI score0.0239EPSS
Exploits0References10
Gentoo Linux
Gentoo Linux
added 2006/03/12 12:0 a.m.37 views

SquirrelMail: Cross-site scripting and IMAP command injection

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...

5CVSS7.1AI score0.02296EPSS
Exploits1
securityvulns
securityvulns
added 2006/02/28 12:0 a.m.40 views

[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail

============================================= INTERNET SECURITY AUDITORS ALERT 2006-002 - Original release date: February 27, 2006 - Last revised: February 27, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 ============================================= I. VULNERABILITY...

5CVSS0.3AI score0.02296EPSS
Exploits1
NVD
NVD
added 2006/02/24 12:2 a.m.14 views

CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimapmailboxselect command, aka "IMAP injection."...

5CVSS7AI score0.02296EPSS
Exploits1References20
Cvelist
Cvelist
added 2006/02/24 12:0 a.m.19 views

CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimapmailboxselect command, aka "IMAP injection."...

6.8AI score0.02296EPSS
Exploits1References20
CVE
CVE
added 2006/02/24 12:0 a.m.98 views

CVE-2006-0377

CVE-2006-0377 affects SquirrelMail 1.4.0–1.4.5, enabling CRLF injection in the sqimap_mailbox_select path to inject IMAP commands. The Debian/DSA-988 advisory and related OpenVAS entries confirm this trio of vulnerabilities and note a fixed version (Debian: 1.2.6-5 for old Woody; CentOS/Red Hat a...

5CVSS6.8AI score0.02296EPSS
Exploits1References20Affected Software1
Prion
Prion
added 2006/02/10 11:2 a.m.11 views

Buffer overflow

Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl. NOTE: this is a different vector and a different manipulation than CVE-2005-4267, so it...

7.5CVSS8.1AI score0.66803EPSS
Exploits10References1Affected Software1
NVD
NVD
added 2005/12/21 11:3 a.m.20 views

CVE-2005-4267

Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "" character, as demonstrated using long 1 LIST, 2 LSUB, 3 SEARCH TEXT, 4 STATUS INBOX, 5 AUTHENTICATE, 6 FETCH, 7 SELECT, and 8 COPY commands...

7.5CVSS7.9AI score0.66803EPSS
Exploits10References7
NVD
NVD
added 2005/11/16 9:22 p.m.12 views

CVE-2005-3640

Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate FTGate4 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command...

10CVSS7.8AI score0.08811EPSS
Exploits1References7
securityvulns
securityvulns
added 2004/11/27 12:0 a.m.25 views

MailEnable buffer overflow

Buffer overflow on oversized IMAP command...

4.5AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.25 views

SurgeMail < 3.9g2-2 IMAP Command Handling Unspecified DoS

Binary data 4555.prm...

5CVSS7.3AI score0.03377EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2000/12/19 12:0 a.m.29 views

Netscape Messaging Server IMAP LIST Command Remote Overflow

There is a buffer overflow in the remote imap server which allows an authenticated user to obtain a remote shell. A way to reproduce the overflow is to issue the command : list AAAAA...AAAA / %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...

10CVSS5.9AI score0.02386EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/09/28 12:0 a.m.32 views

Дырка в Netscape Messaging Server

Классическое переполнение буфера в IMAP-команде list...

1.3AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2000/03/14 12:0 a.m.14 views

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows 2 source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2000/03/14 12:0 a.m.18 views

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)

source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash if...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/03/14 12:0 a.m.26 views

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)

// source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash...

7.4AI score
Exploits0
Rows per page
Query Builder