858 matches found
CVE-2014-2655
SQL injection vulnerability in the genshowstatus function in functions.inc.php in Postfix Admin aka postfixadmin before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
Sql injection
SQL injection vulnerability in the genshowstatus function in functions.inc.php in Postfix Admin aka postfixadmin before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
CVE-2014-2655
SQL injection vulnerability in the genshowstatus function in functions.inc.php in Postfix Admin aka postfixadmin before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
CVE-2014-2655
CVE-2014-2655 : SQL injection in Postfix Admin (postfixadmin) via the gen_show_status function in functions.inc.php, exploitable before 2.3.7 when creating a new alias. Affected: Postfix Admin, prior to 2.3.7. Root cause: improper SQL handling in list-virtual.py? (per sources) and related advisor...
CVE-2014-2655
SQL injection vulnerability in the genshowstatus function in functions.inc.php in Postfix Admin aka postfixadmin before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
CVE-2014-2655
SQL injection vulnerability in the genshowstatus function in functions.inc.php in Postfix Admin aka postfixadmin before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
Debian DSA-2889-1 : postfixadmin - security update
A SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database. The oldstable distribution squeeze does not contain postfixadmin. %NASLMINLEVEL 703...
[SECURITY] [DSA 2889-1] postfixadmin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2889-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 28, 2014 http://www.debian.org/security/faq -...
Postfix Admin 'functions.inc.php' SQL注入漏洞
BUGTRAQ ID: 66455 CVECAN ID: CVE-2014-2655 Postfix是Unix类操作系统中所使用的邮件传输代理。 用于程序没有在SQL查询前充分过滤用户提供的数据,允许攻击者危及应用程序,访问或修改数据,或利用底层数据库中潜在的漏洞。 0 Postfix Admin Postfix Admin 2.3.5 Postfix Admin Postfix Admin 2.3.4 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://sourceforge.net/projects/postfixadmin/...
DSA-2889-1 postfixadmin - security update
Bulletin has no description...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
DEBIAN-CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Design/Logic Flaw
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
UBUNTU-CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
CVE-2013-7176 affects Fail2ban, where config/filter.d/postfix.conf in the Fail2ban filter could allow a remote attacker to trigger an IP ban on an arbitrary address via a crafted email address due to an improperly designed regular expression. The issue is addressed in Debian security advisories w...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities
Overview Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected. Description Fail2ban versions prior to...