93 matches found
EUVD-2011-1435
Malware in sbrugna...
EUVD-2007-2758
Malware in sbrugna...
EUVD-2011-1437
Malware in sbrugna...
EUVD-2011-1924
Malware in sbrugna...
EUVD-2011-2157
Malware in sbrugna...
SUSE CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
SUSE CVE-2011-1431
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
SUSE CVE-2011-1430
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...
SUSE CVE-2011-1432
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
SUSE CVE-2011-1926
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
SUSE CVE-2012-3523
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
SUSE CVE-2014-3556
The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
CVE-2020-29548
SmarterMail (SmarterTools) up to v100.0.7537 is affected. In this CVE, a meddler-in-the-middle can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. The issue is described across multiple sources (NVD entry for CVE-2020-29548 and vendor refe...
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...
DEBIAN-CVE-2021-38084
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...
CVE-2021-38084
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...
UBUNTU-CVE-2021-38084
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...
CVE-2014-2727
The CVE-2014-2727 issue affects MailMarshal’s STARTTLS before version 7.2, enabling plaintext command injection via the STARTTLS implementation. Public sources identify this as a network‑vector vulnerability with high impact and a high score (NVD CVSS v2/v3). The root cause is the STARTTLS handli...
CVE-2014-8563
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...
CVE-2014-8563
CVE-2014-8563 affects Synacor Zimbra Collaboration Suite before version 8.0.9. The vulnerability is described as plaintext command injection during STARTTLS, stemming from input data not properly filtered when constructing OS-executable commands. Several connected sources reiterate that versions ...