143 matches found
UBUNTU-CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by means of the imaprimap function in c-client/imap4r1.c and the tcpaopen function in osdep/unix/tcpunix.c without preventing argument injection, which might allow remote...
CVE-2018-0684
Buffer overflow in Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier allows remote attackers to execute arbitrary code or cause a denial-of-service DoS condition via multipart/form-data format data...
USN-3724-1 evolution-data-server vulnerability
Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...
Mutt and NeoMutt Buffer Overflow Vulnerability
NeoMutt is a patched version of Mutt, a text-based mail client for Unix-like systems developed by Michael Elkins Software Developers. A stack buffer overflow vulnerability exists in the imap/message.c file in versions of Mutt prior to 1.10.1 and NeoMutt prior to 2018-07-16, which can be exploited...
USN-3457-1 curl vulnerability
Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code...
[SECURITY] Fedora 26 Update: cyrus-imapd-3.0.3-1.fc26
The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use fro...
UBUNTU-CVE-2017-7703
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly...
DEBIAN-CVE-2017-7703
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly...
Design/Logic Flaw
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
chacmool Private Message System 1.1.3 send.php Arbitrary Message Access
No description provided by source. source: http://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. Private Message System 1.1...
Amtelco miSecureMessages未授权访问漏洞
Bugtraq ID:66795 CVE ID:CVE-2014-0357 Amtelco miSecureMessages是一个可用于多个移动设备上的对消息进行加密的应用。 Amtelco miSecureMessages对用户消息访问缺少正确的验证,攻击者可在XML请求中提供contactID和合法许可证键值,就可以访问任意用户消息。 0 Amtelco miSecureMessages 目前没有详细解决方案: https://misecuremessages.com/...
Authentication flaw
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp...
Fedora Update for uw-imap FEDORA-2008-9383
Check for the Version of uw-imap OpenVAS Vulnerability Test Fedora Update for uw-imap FEDORA-2008-9383 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for uw-imap FEDORA-2008-9396
Check for the Version of uw-imap OpenVAS Vulnerability Test Fedora Update for uw-imap FEDORA-2008-9396 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from...
JavaMail Information Disclosure (msgno)
"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common,...
chacmool Private Message System 1.1.3 - 'send.php' Arbitrary Message Access
source: https://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. Private Message System 1.1.3 is reported vulnerable to these...
ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta
ZH2003-10SA security advisory: Mail System Ver. 0.9 Beta. Published: 16/07/2003 Released: 16/07/2003 Name: Mail System Ver. 0.9 Beta Affected Systems: All versions ? Issue: Remote attackers can view all messages and sql injection vulnerability Author: [email protected] Description Zone-h Securit...
DEBIAN-CVE-2003-0297
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service crash and possibly execute arbitrary code via certain large 1 literal and 2 mailbox size values that cause either integer signedness errors or integer overflow errors...
DEBIAN-CVE-2003-0167
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service crash and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than...