PT-2026-37049

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description Several commands in the Net::IMAP Ruby library accept raw string arguments that are sent to the server without validation or...

EUVD-2007-4360

Malware in sbrugna...

EUVD-2008-1086

Malware in sbrugna...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an unauthorized access vulnerability that originates from a web search command authentication module bypass. An attacker can exploit the vulnerability to authenticate and access unauthorized...

FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...

grub2 security update

2.06-70.0.2.2 - search command: add flag to only search root dev - Resolves: CVE-2023-4001...

CVE-2022-43563

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...

Design/Logic Flaw

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...

CVE-2022-43563 Risky command safeguards bypass via rex search command field names in Splunk Enterprise

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phis...

Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9 (SVD-2022-1103)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-1103 advisory. - In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex' search command handles field names lets an attack...

VIM 8.2 - Denial of Service (PoC)

Exploit Title: VIM 8.2 - Denial of Service PoC Date: 2019-12-17 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...

VIM 8.2 - Denial of Service Exploit

Exploit Title: VIM 8.2 - Denial of Service PoC Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References: https://github.com/vim/vim/commit/98a336dd497d3422e7efeef9f24cc9e25aeb8a49...

VIM 8.2 Denial Of Service

Exploit Title: Invalid memory access with search command Date: 17-12-2019 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...

Sql injection

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...

CVE-2013-5028

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Mercury IMAP Server <= 4.52 SEARCH Command Buffer Overflow

Binary data 4220.prm...

Mercury/32 4.52 IMAPD - &#039;SEARCH&#039; (Authenticated) Overflow

Z:\ExpmercurySEARCH.pl 127.0.0.1 143 void ph4nt0m.org Mercury/32 v4.52 IMAPD SEARCH command Post-Auth Stack Overflow Exploit Found & Code by void ph4nt0m.org S: OK mercury.ph4nt0m.org IMAP4rev1 Mercury/32 v4.52 server ready. C: pst06 LOGIN void ph4nt0m.org S: pst06 OK LOGIN completed. C: pst06...

Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow (CVE-2007-3925)

...

SurgeMail SEARCH命令远程栈缓冲区溢出漏洞

BUGTRAQ ID: 25318 SurgeMail是下一代的邮件服务器，可运行在Windows NT/2K或UNIX平台上，支持所有的标准IMAP、POP3、SMTP、SSL和ESMTP协议。 SurgeMail在处理带有超长畸形参数的SEARCH命令时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制服务器。 如果对SurgeMail提交了有超长参数的IMAP SEARCH命令的话，就可能触发栈溢出，导致执行任意指令。 NetWin SurgeMail 38k 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...