PT-2026-30031

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report...

CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...

EUVD-2006-1178

Malware in sbrugna...

EUVD-2010-3690

Malware in sbrugna...

FreeScout 安全漏洞

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout, Inc. A security vulnerability exists in FreeScout versions prior to 1.8.179 that stems from not validating a user's notification setting permissions for a...

[slackware-security] aaa_base

New aaabase packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaabase-15.0-i586-4slack15.0.txz: Rebuilt. If root's mailbox did not already exist, it would be created with insecure permissions...

CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...

CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...

Cross site scripting

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...

CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...

Oracle Linux 3 : shadow-utils (ELSA-2007-0431)

From Red Hat Security Advisory 2007:0431 : An updated shadow-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for...

CentOS 4 : shadow-utils (CESA-2007:0276)

Updated shadow-utils packages that fix a security issue and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow...

Scientific Linux Security Update : postfix on SL4.x, SL5.x i386/x86_64

It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text phase. This would lead to those commands bei...

CentOS Update for postfix CESA-2011:0422 centos4 i386

Check for the Version of postfix OpenVAS Vulnerability Test CentOS Update for postfix CESA-2011:0422 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

postfix improper mailbox permissions

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...

DEBIAN-CVE-2010-3779

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared...

CVE-2010-3707

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving...

CentOS 3 : shadow-utils (CESA-2007:0431)

An updated shadow-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow...

Low: Red Hat Security Advisory: shadow-utils security and bug fix update

An updated shadow-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow...

security flaw

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the...