22 matches found
Open-Xchange OX Dovecot Pro Resource Management Error Vulnerability
Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability, which stems from excessive use of curly braces in IMAP, leading to uncontrolled memory usage. This can result in...
GHSA-X8MH-94WC-33GV apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider
Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...
Chamilo Code Issue Vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0-RC.2 has code vulnerabilities. These vulnerabilities stem from the fact that the install.ajax.php file can be accessed without authentication. This could allow unauthorized attackers to exploit the SMTP...
CVE-2026-31934
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...
cpython: IMAP command injection in user-controlled commands
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...
OESA-2025-2528 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients...
EUVD-2006-2268
Malware in sbrugna...
Creating Scripts to Identify Vulnerable IMAP
This whitepaper covers how to create Nmap scripts to identify banners and versions of IMAP servers. It also covers methods to mitigate the public visibility of banners and version information on IMAP servers. Written in Portuguese...
PT-2023-21425 · Sauter +1 · Ey-As525F001 With Moduweb +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) password in cleartext format, despite it being protected and hidden...
SUSE CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...
Axis OS Security Vulnerability
Axis OS is an edge device operating system from Axis of Sweden. A security vulnerability exists in Axis devices running AXIS OS version 5.51 and later versions, which stems from a failure to properly validate user-controlled parameters related to the SMTP test function...
Advisory ROSA-SA-2021-1925
Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap/command.c incorrectly handles a NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...
Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2020-68858)
Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. Thunderbird suffers from a buffer overflow vulnerability that can be exploited by an...
DEBIAN-CVE-2020-16094
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...
USN-4160-1 uw-imap vulnerability
It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands...
PT-2018-3298 · Mutt +5 · Mutt +5
Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.10.1 NeoMutt versions prior to 2018-07-16 Description: The issue is related to the imap_quote_string function in the imap/util.c file of the Mutt and NeoMutt email clients. This function does not account for quote...
Ability Mail Server 2013 (3.1.1) - Stored XSS Vulnerability
Exploit for windows platform in category remote exploits import smtplib emailaddr = 'email protected' email = 'From: %s\n' % emailaddr email += 'To: %s\n' % emailaddr email += 'Subject: XSS\n' email += 'Content-type: text/html\n\n' email += 'alert"XSS"' s = smtplib.SMTP'192.168.58.140', 25...
Mozilla Releases BrowserID Web Authentication System
Mozilla has released a new browser-based federated login mechanism called BrowserID that is designed to replace the login process on Web sites that requires users to supply an email and password. The experimental system relies on the Verified Email protocol and also works on other browsers,...
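Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability
CVECAN ID: CVE-2008-0304 Thunderbird is an e-mail client released by Mozilla that supports the IMAP and POP mail protocols and the HTML mail format. Thunderbird has a vulnerability in its handling of malformed mail data that a remote attacker could exploit to take control of the user's system. Thunderbird does not correctly parse the external-body MIME type in mail and, when calculating the number of bytes to allocate for a heap buffer, does not reserve enough space for the data to be copied. If a user is tricked into opening a malicious mail message, the buffer can be overflowed by up to 3 bytes, leading to execution of arbitrary instructions. Mozilla Thunderbird 2.0.0.9 Temporary workaround:...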
Code injection
Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3...