2 matches found
Gentoo Security Advisory GLSA 200804-24 (dbmail)
The remote host is missing updates announced in advisory GLSA 200804-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
DBMail空LDAP口令绕过认证漏洞
BUGTRAQ ID: 28849 CVECAN ID: CVE-2007-6714 Dbmail是一个程序集,允许从数据库检索和存储邮件,可使用MySQL、PostgreSQL和SQLite作为数据库后端。 Dbmail的认证过程存在安全漏洞,如果启用了authldap模块且LDAP服务器允许匿名登录,则任何用户都可以使用空口令字符串登录到任意帐号。 h000 telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^'. OK dbmail imap protocol...