Lucene search

205 matches found

NVD
added 2020/06/19 7:15 p.m., 17 views

CVE-2020-14929

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

CVSS 7.5 | EPSS 0.01823
Exploits: 0 | References: 4

Prion
added 2020/06/19 7:15 p.m., 14 views

Design/Logic Flaw

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

CVSS 5 | AI score 7.3 | EPSS 0.01823
Exploits: 0 | References: 4 | Affected Software: 3

UbuntuCve
added 2020/06/19 7:15 p.m., 21 views

CVE-2020-14929

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

CVSS 7.5 | AI score 7.1 | EPSS 0.01823
Exploits: 0 | References: 4

CVE
added 2020/06/19 6:58 p.m., 185 views

CVE-2020-14929

CVE-2020-14929 affects Alpine (pre-2.23), where a PREAUTH scenario can cause Alpine to proceed over an insecure connection after a /tls is sent instead of closing the connection. Public records in multiple vendor advisories indicate the issue is addressed by upgrading Alpine to 2.23 or newer; Fedo...

CVSS 7.5 | AI score 7.2 | EPSS 0.01823
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2020/06/19 6:58 p.m., 26 views

CVE-2020-14929

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

CVSS 7.5 | AI score 7.3 | EPSS 0.01823
Exploits: 0

CNVD
added 2020/06/16 12:0 a.m., 6 views

Mutt Information Disclosure Vulnerability

Mutt is a text-based mail client for Unix-like systems by Michael Elkins Software Developers. A security vulnerability exists in Mutt versions prior to 1.14.3. The vulnerability can be exploited by an attacker to conduct a man-in-the-middle attack using the PREAUTH response...

CVSS 5.9 | AI score 6.5 | EPSS 0.0214
Exploits: 0 | References: 1

NVD
added 2020/06/15 5:15 a.m., 19 views

CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

CVSS 5.9 | EPSS 0.0214
Exploits: 0 | References: 11

UbuntuCve
added 2020/06/15 5:15 a.m., 23 views

CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

CVSS 5.9 | AI score 6.5 | EPSS 0.0214
Exploits: 0 | References: 3

OSV
added 2020/06/15 5:15 a.m., 6 views

UBUNTU-CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

CVSS 5.9 | AI score 6.6 | EPSS 0.0214
Exploits: 0 | References: 4

AlpineLinux
added 2020/06/15 4:6 a.m., 27 views

CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

CVSS 5.9 | AI score 6 | EPSS 0.0214
Exploits: 0

FreeBSD
added 2020/06/14 12:0 a.m., 27 views

IMAP fcc/postpone machine-in-the-middle attack

mutt 1.14.3 updates: CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

CVSS 5.9 | AI score 3.6 | EPSS 0.0214
Exploits: 0 | References: 1

RedhatCVE
added 2020/06/11 10:24 p.m., 37 views

CVE-2020-12398

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

CVSS 4.3 | AI score 2.2 | EPSS 0.00976
Exploits: 0 | References: 4

Tenable Nessus
added 2020/06/04 12:0 a.m., 69 views

Mozilla Thunderbird < 68.9.0

The version of Thunderbird installed on the remote Windows host is prior to 68.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-22 advisory. - Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 68.8. Some of these...

CVSS 9.3 | AI score 7.7 | EPSS 0.01537
Exploits: 1 | References: 6

Packet Storm
added 2020/06/04 12:0 a.m., 161 views

AirControl 1.4.2 Remote Code Execution

Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Date: 2020-06-03 Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...

AI score 7.4
Exploits: 0

Packet Storm
added 2020/04/09 12:0 a.m., 120 views

Symantec Web Gateway 5.0.2.8 Remote Code Execution

Title: Preauth RCE in Symantec Web Gateway 5.0.2.8 Date: 26.03.2020 Vendor: www.symantec.com Vulnerable software: www.symantec.com Repo: https://github.com/c610/free/ !/usr/bin/env python seemantech.py - small preauth poc for symantec web gateway 27.03.2020 by code610 more :...

Exploits: 0

Packet Storm
added 2020/04/06 12:0 a.m., 223 views

PlaySMS index.php Unauthenticated Template Injection Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...

CVSS 7.5 | AI score 0.3 | EPSS 0.86689
Exploits: 6

ATTACKERKB
added 2020/02/05 12:0 a.m., 33 views

CVE-2020-8644

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Recent assessments: touhidshaikh at March 12, 2020 4:40pm UTC reported: Description This module exploits a Preauth Server-Side Template Injection leads remote code execution vulnerability in PlaySMS Before Version 1.4.3. This...

CVSS 9.8 | AI score 9.8 | EPSS 0.86689
In wild | Exploits: 6 | References: 7

Oracle linux
added 2018/11/05 12:0 a.m., 525 views

krb5 security, bug fix, and enhancement update

1.15.1-34 - In FIPS mode, add plaintext fallback for RC4 usages and taint - Resolves: 1570600 1.15.1-33 - Use SHA-256 instead of MD5 for audit ticket IDs - Resolves: 1570600 1.15.1-32 - Include preauth name in trace output if possible - Update cert generation scripts to work on modern openssl - F...

CVSS 6.5 | AI score 0.1 | EPSS 0.026
Exploits: 0

vulnersOsv
added 2018/10/18 4:57 p.m., 7 views

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.3.0 <=1.3.2), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.1.0 <=1.3.2) +6 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring (>=1.1.0 <=1.3.2)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.3.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...

CVSS 8.8 | AI score 7.2 | EPSS 0.01609
Exploits: 3

vulnersOsv
added 2018/10/18 4:57 p.m., 4 views

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (=1.3.0), org.apache.cxf.fediz.examples:springPreauthWebapp (=1.3.0) +4 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (=1.3.0)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring and may be impacted: - org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp =1.3.0 -...

CVSS 9.8 | AI score 7.2 | EPSS 0.03986
Exploits: 0