qpopper.fgets.txt

Topic: unsafe fgets using in qpopper Software affected: qpopper 3.0 fc2, qpopper 2.53 and probably others Description: malicious user can remotely post message with spoofed or incorrect headers including "Received:" one and in some cases bypass virus checking. This can be used for sending trojans...