31 matches found
CVE-2026-47089
A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user can exploit this vulnerability by using the IMAP LISTRIGHTS command. This allows the user to learn the access permissions of any mailbox they can name, which should be restricted to administrators. This leads to unauthorized...
CVE-2026-47082
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc to save a copy of the sent message could deliver vacation auto-reply copies into any mailbox the script could name,...
PT-2026-60554
Name of the Vulnerable Software and Affected Versions Cyrus IMAP versions prior to 3.12.3 Description An issue exists where tokens issued via the GENURLAUTH command can bypass Access Control Lists ACLs. An authenticated user can generate a URLAUTH token for any specified mailbox, regardless of...
PT-2026-30031
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report...
CVE-2016-10767
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...
EUVD-2006-1178
Malware in sbrugna...
EUVD-2010-3690
Malware in sbrugna...
FreeScout 安全漏洞
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout, Inc. A security vulnerability exists in FreeScout versions prior to 1.8.179 that stems from not validating a user's notification setting permissions for a...
[slackware-security] aaa_base
New aaabase packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaabase-15.0-i586-4slack15.0.txz: Rebuilt. If root's mailbox did not already exist, it would be created with insecure permissions...
CVE-2016-10767
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...
CVE-2016-10767
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...
Cross site scripting
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...
CVE-2016-10767
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...
Oracle Linux 3 : shadow-utils (ELSA-2007-0431)
From Red Hat Security Advisory 2007:0431 : An updated shadow-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for...
CentOS 4 : shadow-utils (CESA-2007:0276)
Updated shadow-utils packages that fix a security issue and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow...
Scientific Linux Security Update : postfix on SL4.x, SL5.x i386/x86_64
It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text phase. This would lead to those commands bei...
CentOS Update for postfix CESA-2011:0422 centos4 i386
Check for the Version of postfix OpenVAS Vulnerability Test CentOS Update for postfix CESA-2011:0422 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
postfix improper mailbox permissions
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...
DEBIAN-CVE-2010-3779
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared...
CVE-2010-3707
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving...