Lucene search
+L

75 matches found

cve
cve
added 2019/03/28 1:45 p.m.237 views

CVE-2019-7524

In CVE-2019-7524, Dovecot before 2.2.36.3 and before 2.3.5.1 for the 2.3.x line, suffers a local buffer overflow in the indexer-worker due to missing checks in fts and pop3-uidl. This can enable local privilege escalation to root. Affected products include Dovecot IMAP/POP3 servers on various Lin...

8.8CVSS6.2AI score0.01178EPSS
Exploits0References13Affected Software1
alpinelinux
alpinelinux
added 2019/03/28 1:45 p.m.31 views

CVE-2019-7524

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components...

8.8CVSS6.6AI score0.01178EPSS
Exploits0
ptsecurity
ptsecurity
added 2019/02/05 12:0 a.m.2 views

PT-2019-1904 · Dovecot +5 · Dovecot +5

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.2.36.3 Dovecot versions 2.3.x prior to 2.3.5.1 Description: The issue is related to a lack of buffer size checks when reading FTS or POP3-UIDL headers from a Dovecot pointer. This can be exploited by a local attack...

9.8CVSS6.8AI score0.62579EPSS
Exploits14References100
vaadin
vaadin
added 2018/11/29 12:0 a.m.40 views

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and Vaadin 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. See CWE-754: Improper Check for Unusual or Exceptional...

4.3CVSS1.2AI score0.00574EPSS
Exploits0References1Affected Software2
seebug
seebug
added 2014/07/01 12:0 a.m.22 views

Alt-N MDaemon 2.8.5 0 UIDL DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1366/info A remote user is capable of crashing Alt-N MDaemon 2.8.5.0 by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2010/11/30 12:0 a.m.27 views

POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)

$Id: poppeeperuidl.rb 11180 2010-11-30 20:19:18Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

9.3CVSS6.7AI score0.31839EPSS
Exploits5
osv
osv
added 2010/05/07 6:24 p.m.1 views

DEBIAN-CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

4.3CVSS8.3AI score0.02199EPSS
Exploits0References1
prion
prion
added 2010/05/07 6:24 p.m.16 views

Code injection

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

4.3CVSS6.9AI score0.02199EPSS
Exploits0References5Affected Software1
ubuntucve
ubuntucve
added 2010/05/07 6:24 p.m.24 views

CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

4.3CVSS7.2AI score0.02199EPSS
Exploits0References1
seebug
seebug
added 2009/03/02 12:0 a.m.14 views

POP Peeper UIDL处理栈溢出漏洞

BUGTRAQ ID: 33926 POP Peeper是运行在Windows任务栏中的邮件通知程序,当接收到新邮件时会给出提示。 POP Peeper的客户端在检索邮件时存在栈溢出漏洞。当用户试图连接到用作了POP3守护程序的邮件服务器时,POP Peeper客户端会使用UIDL命令获得所要检索的每封邮件的特定ID。如果恶意服务器发送了超过1040字节的超长ID的话,就可以溢出栈上缓冲区,允许攻击者完全控制进程。 Mortal Universe Software Entertainment POP Peeper 3.4.0.0 厂商补丁: Mortal Universe Softwar...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2009/02/27 12:0 a.m.19 views

POP Peeper mail notifier buffer overflow

Buffer overflow UIDL server reply parsing...

4.3AI score
Exploits0References1Affected Software1
openvas
openvas
added 2008/01/17 12:0 a.m.25 views

Debian Security Advisory DSA 774-1 (fetchmail)

The remote host is missing an update to fetchmail announced via advisory DSA 774-1. Edward Shornock discovered a bug in the UIDL handling code of fetchmail, a common POP3, APOP and IMAP mail fetching utility. A malicious POP3 server could exploit this problem and inject arbitrary code that will b...

5CVSS0.05882EPSS
Exploits1
openvas
openvas
added 2008/01/17 12:0 a.m.19 views

Debian: Security Advisory (DSA-774-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.7AI score0.05882EPSS
Exploits1References3
securityvulns
securityvulns
added 2006/08/02 12:0 a.m.35 views

Fetchmail buffer overflow

Buffer overflow on oversized POP3 UIDL reply...

4.1AI score
Exploits0References4Affected Software1
prion
prion
added 2006/02/28 11:2 a.m.17 views

Directory traversal

Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. dot dot in the UIDL parameter...

4CVSS6.7AI score0.01373EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2006/02/28 11:0 a.m.24 views

CVE-2006-0930

Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. dot dot in the UIDL parameter...

6.2AI score0.01373EPSS
Exploits1References4
debiancve
debiancve
added 2005/08/20 4:0 a.m.28 views

CVE-2004-2460

Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service application crash via an "infinite" Unique IDentification Listing UIDL list...

5CVSS6.3AI score0.01634EPSS
Exploits0
debian
debian
added 2005/08/12 10:57 a.m.30 views

[SECURITY] [DSA 774-1] New fetchmail packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 774-1 [email protected] http://www.debian.org/security/ Martin Schulze August 12th, 2005 http://www.debian.org/security/faq -...

5CVSS0.3AI score0.05882EPSS
Exploits1
debiancve
debiancve
added 2005/07/27 4:0 a.m.27 views

CVE-2005-2335

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct...

5CVSS7.6AI score0.05882EPSS
Exploits1
ubuntucve
ubuntucve
added 2005/07/27 4:0 a.m.24 views

CVE-2005-2335

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct...

5CVSS6AI score0.05882EPSS
Exploits1References2
Rows per page
Query Builder