Lucene search
K

11 matches found

UbuntuCve
UbuntuCve
added 2011/11/18 12:0 a.m.16 views

CVE-2011-4318

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name CN of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers...

5.8CVSS5.9AI score0.01321EPSS
Exploits0References4
NVD
NVD
added 2011/05/24 11:55 p.m.18 views

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

6.5CVSS6.1AI score0.0201EPSS
Exploits0References7
NVD
NVD
added 2011/05/24 11:55 p.m.22 views

CVE-2011-2167

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

6.5CVSS6AI score0.02206EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2011/05/24 11:55 p.m.25 views

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

6.5CVSS5.9AI score0.0201EPSS
Exploits0References1
Prion
Prion
added 2011/05/24 11:55 p.m.14 views

Design/Logic Flaw

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

6.5CVSS6.6AI score0.0201EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2011/05/24 11:55 p.m.17 views

Directory traversal

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

6.5CVSS6.6AI score0.02206EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2011/05/24 11:0 p.m.67 views

CVE-2011-2166

Dovecot 2.0.x (pre-2.0.13) is affected by CVE-2011-2166 (and related CVEs) due to script-login not honoring user/group settings, potentially allowing remote authenticated users to bypass access controls. Severity is moderate (CVSS v2 base 6.5). Affected: Dovecot 2.0.x before 2.0.13; Impact: parti...

6.5CVSS5AI score0.0201EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2011/05/24 11:0 p.m.25 views

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

5.1AI score0.0201EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2011/05/24 11:0 p.m.33 views

CVE-2011-2167

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

6.5CVSS6AI score0.02206EPSS
Exploits0
Debian CVE
Debian CVE
added 2011/05/24 11:0 p.m.29 views

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

6.5CVSS6AI score0.0201EPSS
Exploits0
Prion
Prion
added 2010/10/06 5:0 p.m.21 views

Cross site request forgery (csrf)

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving...

5.5CVSS6.4AI score0.02667EPSS
Exploits0References13Affected Software1
Rows per page
Query Builder