33 matches found
EUVD-2026-45006
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search,...
PT-2026-37049
Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description Several commands in the Net::IMAP Ruby library accept raw string arguments that are sent to the server without validation or...
EUVD-2007-4360
Malware in sbrugna...
EUVD-2008-1086
Malware in sbrugna...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an unauthorized access vulnerability that originates from a web search command authentication module bypass. An attacker can exploit the vulnerability to authenticate and access unauthorized...
FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...
grub2 security update
2.06-70.0.2.2 - search command: add flag to only search root dev - Resolves: CVE-2023-4001...
CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...
Design/Logic Flaw
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...
CVE-2022-43563 Risky command safeguards bypass via rex search command field names in Splunk Enterprise
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...
Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9 (SVD-2022-1103)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-1103 advisory. - In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex' search command handles field names lets an attack...
VIM 8.2 Denial Of Service
Exploit Title: Invalid memory access with search command Date: 17-12-2019 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...
VIM 8.2 - Denial of Service (PoC)
Exploit Title: VIM 8.2 - Denial of Service PoC Date: 2019-12-17 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...
VIM 8.2 - Denial of Service Exploit
Exploit Title: VIM 8.2 - Denial of Service PoC Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References: https://github.com/vim/vim/commit/98a336dd497d3422e7efeef9f24cc9e25aeb8a49...
Sql injection
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
CVE-2013-5028
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Mercury IMAP Server <= 4.52 SEARCH Command Buffer Overflow
Binary data 4220.prm...
Mercury/32 4.52 IMAPD - 'SEARCH' (Authenticated) Overflow
Z:\ExpmercurySEARCH.pl 127.0.0.1 143 void ph4nt0m.org Mercury/32 v4.52 IMAPD SEARCH command Post-Auth Stack Overflow Exploit Found & Code by void ph4nt0m.org S: OK mercury.ph4nt0m.org IMAP4rev1 Mercury/32 v4.52 server ready. C: pst06 LOGIN void ph4nt0m.org S: pst06 OK LOGIN completed. C: pst06...
Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow (CVE-2007-3925)
...