curl: IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing

libcurl incorrectly parses IMAP literals size even when they are embedded within quoted strings e.g., email subjects or headers. This behavior violates RFC 3501, which mandates that content inside double quotes must be treated as opaque text. This parsing error causes the client state machine to...

RCE in PHP or how to bypass disable_functions in PHP installations

Today we will explore an exciting method to remotely execute code even if an administrator set disablefunctions in the PHP configuration file. It works at most popular UNIX-like systems. CVE-2018–19518 was assigned to the vulnerability was found by a man with the @crlf nickname. Let’s see details...

Nmap NSE 6.01: imap-capabilities

Retrieves IMAP email server capabilities. IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy. OpenVAS Vulnerability Test $Id: gbnmap6imapcapabilities.nasl 7148 2017-09-15 13:01:14Z...

[SECURITY] Fedora 14 Update: cyrus-imapd-2.3.18-1.fc14

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

[SECURITY] Fedora 14 Update: cyrus-imapd-2.3.16-8.fc14

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

Nmap NSE net: imap-capabilities

Retrieves IMAP email server capabilities. IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy. OpenVAS Vulnerability Test $Id: gbnmapimapcapabilitiesnet.nasl 5505 2017-03-07 10:00:18...

[SECURITY] Fedora 11 Update: cyrus-imapd-2.3.15-1.fc11

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

imap-capabilities NSE Script

Retrieves IMAP email server capabilities. IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy. Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See...