2 matches found
CVE-2010-3292
The updatebad,phishingsites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption e.g., https or digital signature checking which could allow an attacker to replace certain configuration files e.g., phishing whitelist via dns/packet spoofing...
CVE-2010-3292
The CVE-2010-3292 entry concerns MailScanner (update{_bad,}_phishing_sites scripts) versions around 4.79.11-2. The vulnerability arises because downloaded files are trusted without encryption (e.g., HTTPS) or digital signatures, enabling a man-in-the-middle or spoofing to replace critical configu...