SUSE CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

The vulnerability of the automatic email decompression mechanism of Apple Mail on Apple Mac OS operating systems allows a hacker to write arbitrary files.

The vulnerability of the Apple Mail client’s automatic decompression mechanism in Apple Mac OS operating systems is related to incorrect handling of logical operations. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the /Library/Mail directory and $TMPDIR...

SCO Unixware 7.1 '/var/mail' permissions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare only 7.1 was tested ship with the /var/mail/ directory with permission 777-rwxrwxrwx . This in effect allows malicious users to read incoming mail for users who do not yet have ...

Multiple vulnerabilities in Exim

================================== Exim Mailer, multiple vulnerabilites June 3, 2010 CVE-2010-2023, CVE-2010-2024 ================================== ==Description== Two vulnerabilities have been discovered in Exim 4, a popular mail transfer agent used on Unix-like systems www.exim.org. 1. When Ex...

CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

CVE-2010-2023

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the stnlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

CVE-2008-3579

Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitati...

Debian DSA-1516-1 : dovecot - privilege escalation

Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory on the server for example, through an SSH login could read and also delete via a symbolic link mailboxes...

Dovecot unauthorized access

zlib plugin allows access to the files behind mail directory...

By the PHP imap function to bypass safe mode and open_basedir restrictions vulnerability thought-the vulnerability of early warning-the black bar safety net

Last night in the green League saw this vulnerability announcement, 2 on 2 8, released, is imapopen of the module exists on the vulnerability, a local attacker could use this vulnerability to unauthorized traversal of the mail directory, illegal create, delete, playback command file. The most...

SCO Unixware 7.1 - varmail Permissions

SCO Unixware 7.1 - varmail Permissions source: https://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare only 7.1 was tested ship with the /var/mail/ directory with permission 777-rwxrwxrwx . This in effect allows malicious users to read incoming mail for users who do not yet...