cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

CVE-2025-15366

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVE-2025-15366 IMAP command injection in user-controlled commands

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

PT-2026-3663

Name of the Vulnerable Software and Affected Versions imaplib affected versions not specified Description The imaplib module is susceptible to command injection when processing user-supplied commands. Specifically, the module can be exploited by injecting additional commands using newline...

AZL-6861 CVE-2021-32066 affecting package ruby for versions less than 2.7.4-1

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

CVE-2020-13163

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

CVE-2020-13163

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

Roundcube Webmail 0.8.0 - Stored XSS

No description provided by source. !/usr/bin/python ''' Exploit Title: Roundcube Webmail Stored XSS. Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://roundcube.net Software Link:...

MGASA-2014-0139 Updated python package fixes security vulnerabilities

Denial of service flaws due to unbound readline calls in the imaplib, poplib, and smtplib modules CVE-2013-1752. A gzip bomb and unbound read denial of service flaw in python XMLRPC library CVE-2013-1753...

UBUNTU-CVE-2013-1752

Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not y...

imap-brute NSE Script

Performs brute force password auditing against IMAP servers using either LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 or NTLM authentication. Script Arguments imap-brute.auth authentication mechanism to use LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 or NTLM passdb, unpwdb.passlimit, unpwdb.timelimit,...

Fedora 10 : maniadrive-1.2-13.fc10 / php-5.2.9-2.fc10 (2009-3768)

Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2008-5557 A directory...