EUVD-2014-4863
Malware in sbrugna...
EUVD-2021-7686
Malicious code in bioql PyPI...
SUSE CVE-2010-3693
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names...
SUSE CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename parameters to the compose page; (4) formname parameter to the...
OPENSUSE-SU-2021:0533-1 Security update for isync
This update for isync fixes the following issues: isync was updated to version 1.3.5; CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB (boo#1182488). This update was imported from the openSUSE:Leap:15.2:Update update project...
Directory Traversal
isync is vulnerable to directory traversal. The vulnerability exists as validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing .. path components to access data outside the designated...
CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the...
Sourceforge mbsync Path Traversal Vulnerability
Sourceforge mbsync is an application from the Sourceforge community in the United States. It provides synchronization of remote IMAP mailboxes with local maildir style mailboxes. A path traversal vulnerability exists in mbsync prior to v1.3.5 and v1.4.1 that originates from allowing a malicious o...
UBUNTU-CVE-2018-14355
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name...
LinuxMagic MagicSpam-Plesk Extended Insecure File Permissions Vulnerability
LinuxMagic MagicSpam-Plesk extension is an anti-spam extension from LinuxMagic Canada. A security vulnerability exists in LinuxMagic MagicSpam-Plesk extension version 2.0.13. The vulnerability can be exploited by a local attacker to obtain mailbox names by reading /var/log/magicspam/mslog...
CVE-2018-5693
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog...
Code injection
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog...
CVE-2018-5693
The CVE affects LinuxMagic MagicSpam extension for Plesk, versions before 2.0.14-1. Local attackers can disclose mailbox names by reading /var/log/magicspam/mslog, enabling information disclosure on the host. Remediation: upgrade to 2.0.14-1 or newer (as indicated by the vulnerability description).
CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename parameters to the compose page; (4) formname parameter to the...
CVE-2010-3693
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names...