858 matches found
[SECURITY] [DSA 2979-1] fail2ban security update
Debian Security Advisory DSA-2979-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 17, 2014 http://www.debian.org/security/faq -...
DSA-2979-1 fail2ban - security update
Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
http://www.wekk.net/research/CVE-2008-4042/CVE-2008-4042-exploit.c http://www.wekk.net/research/CVE-2008-3889/CVE-2008-3889-exploit.c Exploit for Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel...
Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/13129/info It is reported that GLD contains a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure that a fixed-size memory buffer is sufficiently large prior to copying...
Salim Gasmi GLD 1.0 - 1.4 - Postfix Greylisting Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Postfix 1.1.x Denial of Service Vulnerabilities (2)
source: http://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to bounce-scan a private network. It has also been reported that thi...
Postfix 1.1.x Denial of Service Vulnerabilities (1)
source: http://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to bounce-scan a private network. It has also been reported that thi...
Amavis 0.1.6 Header Parsing Mail Relaying Weakness
source: http://www.securityfocus.com/bid/7306/info It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. telnet somemx.domain.tld 25 220...
Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
!/bin/sh rspocfix.sh PoC for Postfix local root vulnerability: CVE-2008-2936 by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt [email protected] Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use postconf mailspooldirectory...
GLD (Greylisting Daemon) Postfix Buffer Overflow
$Id: gldpostfix.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
openSUSE Security Update : postfix (openSUSE-SU-2011:0389-1)
postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS (CVE-2011-0411). (C) Tenable Network Security, Inc. The descriptive text an...
openSUSE Security Update : postfix (openSUSE-SU-2011:0476-1)
Remote attackers could potentially exploit a memory corruption issue in postfix's SASL implementation to execute arbitrary code (CVE-2011-1720). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Postfix Admin Detection
Binary data postfixadmindetect.nbin...
Updated fail2ban packages fix security issues
An update to fail2ban 0.8.13 has been released to fix security issues, amongst other bugfixes. fail2ban versions prior to 0.8.11 would allow a remote unauthenticated attacker to cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services...
MGASA-2014-0176 Updated fail2ban packages fix security issues
An update to fail2ban 0.8.13 has been released to fix security issues, amongst other bugfixes. fail2ban versions prior to 0.8.11 would allow a remote unauthenticated attacker to cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services...
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Multiple vendors SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103935";...
DEBIAN-CVE-2014-2655
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
CVE-2014-2655
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...