858 matches found
Directory traversal
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
DEBIAN-CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
CVE-2017-10140
CVE-2017-10140 affects Postfix and Berkeley DB: reading settings from DB_CONFIG in the current directory can allow a local user to gain privileges when Postfix runs with Berkeley DB 2.x and newer. Affected Postfix branches include 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before...
WhoAmIMailBot - A Service To Mask Your Email
What is it? A service to mask your e-mails, it was inspired by the Blur service, where you create an alias for your e-mail, and use it to sign up on applications, but the problem on Blur is that all e-mails pass through their infrastructure, and I don't need anybody looking on my e-mails, to solve that...
Dovecot IMAP Server rfc822_parse_domain Information Leak Vulnerability
Summary An exploitable out of bounds read vulnerability exists in the RFC822 parser as implemented in Dovecot IMAP Server 2.2.33.2. A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosu...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)
The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Font...
Apple macOS Server and macOS High Sierra Postfix Elevation of Privilege Vulnerability
Apple macOS Server and macOS High Sierra are both products of Apple. Apple macOS Server is a server designed for macOS and iOS that provides team collaboration, software development, website hosting, and more. macOS High Sierra is a suite of specialized operating systems developed for Mac...
About the security content of macOS Server 5.4 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
GLSA-201709-20 : Postfix: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201709-20 Postfix: Privilege escalation By default, Berkeley DB reads a DB_CONFIG configuration file from the current working directory. This is an undocumented behavior. Impact : A local attacker, by using a specially crafted...
About the security content of macOS Server 5.4
About the security content of macOS Server 5.4 This document describes the security content of macOS Server 5.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Postfix: Privilege escalation
Background Postfix is a mail server and an alternative to the widely-used Sendmail program. Description By default, Berkeley DB reads a DB_CONFIG configuration file from the current working directory. This is an undocumented behavior. Impact A local attacker, by using a specially crafted DB_CONFIG...
UBUNTU-CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
Postfix 2.x Mail Message Date Field RCE (ENTERSEED)
According to its banner, the Postfix mail server running on the remote host is version 2.x from 2.0.8 to 2.1.5 inclusively. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of the email date field. An unauthenticated, remote attacker can exploit thi...
Postfix Admin Security Bypass Vulnerability
Postfix Admin is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Postfix Admin Detection
Detection of Postfix Admin The script sends a HTTP connection request to the server and attempts to detect the presence of Postfix Admin and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) b...