Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Cyrus IMAP Server vulnerabilities (USN-7224-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7224-1 advisory. It was discovered that non-authentication-related HTTP requests could be interpreted in an authentication context by ...

USN-7224-1 cyrus-imapd vulnerabilities

It was discovered that non-authentication-related HTTP requests could be interpreted in an authentication context by a Cyrus IMAP Server when multiple requests arrived over the same connection. An unauthenticated attacker could possibly use this issue to perform a privilege escalation attack. Thi...

ROS-2-2055

2.2055 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

MGASA-2021-0008 Updated dovecot packages fix security vulnerabilities

It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email CVE-2020-24386. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could...

MGASA-2020-0357 Updated mutt packages fix security vulnerabilities

A potential IMAP Man-in-the-Middle attack via a PREAUTH response CVE-2020-14093. Mutt was ignoring an expired certificate and was proceeding with a connection CVE-2020-14154. A response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 CVE-2020-14954...

CVE-2019-19783

CVE-2019-19783 affects Cyrus IMAP (cyrus-imapd) where the lmtpd sieve handling could allow a user to create a mailbox with administrator privileges via a fileinto directive, due to folder handling in autosieve_createfolder() in imap/lmtp_sieve.c. Affected: 2.5.x (before 2.5.15), 3.0.x (before 3.0...

GNU Mailutils Multiple IMAP Vulnerabilities

Binary data 2938.prm...

Magic Winmail Server 4.0 (Build 1112) - upload.php Traversal Arbitrary File Upload

Magic Winmail Server 4.0 Build 1112 - upload.php Traversal Arbitrary File Upload source: https://www.securityfocus.com/bid/12388/info Magic Winmail Server is reportedly affected by multiple vulnerabilities. There are two distinct directory traversal vulnerabilities in the Webmail interface allowi...

USN-31-1: cyrus21-imapd vulnerabilities

Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the "partial" and "fetch" commands, an argument like "bodyp" was detected as "body.peek". This could cause a buffer overflow which could be exploited to execute...

FreeBSD : Cyrus IMSPd multiple vulnerabilities (34)

The following package needs to be updated: cyrus-imspd %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg700d43b4a42a11d89c6d0020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

CVE-2003-1303

Buffer overflow in the imapfetchoverview function in the IMAP functionality phpimap.c in PHP before 4.3.3 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long e-mail address in a 1 To or 2 From header...

FreeBSD-SA-00:14.imap-uw

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:14 Security Advisory FreeBSD, Inc. Topic: imap-uw contains security vulnerabilities for "closed" mail servers Category: ports Module: imap-uw Announced: 2000-04-24...

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows 1 // source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3...