CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

CVE-2011-1431

Removed by vendor...

CVE-2011-1431

The CVE concerns STARTTLS in qmail-smtpd.c within qmail-smtpd (netqmail-1.06-tls patch for netqmail 1.06). The root cause is incomplete I/O buffering restrictions, enabling MITM attackers to insert a plaintext command after TLS is established in encrypted SMTP sessions (plaintext command injectio...

CVE-2011-1430

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

CVE-2011-0411

The CVE-2011-0411 entry relates to STARTTLS I/O buffering not being properly restricted, enabling plaintext command injection after TLS is established. Concrete details in connected docs include: INN/nnrpd before 2.5.3: reads unencrypted commands after TLS negotiation, allowing MITM insertion; a ...

CVE-2011-1430

Technical details for CVE-2011-1430 are not present in the connected documents. The initial description states a STARTTLS plaintext command-injection issue in Ipswitch IMail 11.03 and earlier, but no vendor/product/version/root-cause or remediation details are provided.

CVE-2011-1432

Technical details for CVE-2011-1432 are not provided in the connected documents. The initial description contains general information only. Monitor for updates.

CVE-2011-1432

The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

IMAP Service STARTTLS Plaintext Command Injection

The remote IMAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...

POP3 Service STLS Plaintext Command Injection

The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...

CVE-2007-4656

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than...

CVE-2007-2766

lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh...

Default credentials

lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh...