75 matches found
CVE-2019-7524
In CVE-2019-7524, Dovecot before 2.2.36.3 and before 2.3.5.1 for the 2.3.x line, suffers a local buffer overflow in the indexer-worker due to missing checks in fts and pop3-uidl. This can enable local privilege escalation to root. Affected products include Dovecot IMAP/POP3 servers on various Lin...
CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components...
PT-2019-1904 · Dovecot +5 · Dovecot +5
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.2.36.3 Dovecot versions 2.3.x prior to 2.3.5.1 Description: The issue is related to a lack of buffer size checks when reading FTS or POP3-UIDL headers from a Dovecot pointer. This can be exploited by a local attack...
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and Vaadin 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. See CWE-754: Improper Check for Unusual or Exceptional...
Alt-N MDaemon 2.8.5 0 UIDL DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1366/info A remote user is capable of crashing Alt-N MDaemon 2.8.5.0 by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the...
POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)
$Id: poppeeperuidl.rb 11180 2010-11-30 20:19:18Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
DEBIAN-CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...
Code injection
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...
CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...
POP Peeper UIDL处理栈溢出漏洞
BUGTRAQ ID: 33926 POP Peeper是运行在Windows任务栏中的邮件通知程序,当接收到新邮件时会给出提示。 POP Peeper的客户端在检索邮件时存在栈溢出漏洞。当用户试图连接到用作了POP3守护程序的邮件服务器时,POP Peeper客户端会使用UIDL命令获得所要检索的每封邮件的特定ID。如果恶意服务器发送了超过1040字节的超长ID的话,就可以溢出栈上缓冲区,允许攻击者完全控制进程。 Mortal Universe Software Entertainment POP Peeper 3.4.0.0 厂商补丁: Mortal Universe Softwar...
POP Peeper mail notifier buffer overflow
Buffer overflow UIDL server reply parsing...
Debian Security Advisory DSA 774-1 (fetchmail)
The remote host is missing an update to fetchmail announced via advisory DSA 774-1. Edward Shornock discovered a bug in the UIDL handling code of fetchmail, a common POP3, APOP and IMAP mail fetching utility. A malicious POP3 server could exploit this problem and inject arbitrary code that will b...
Debian: Security Advisory (DSA-774-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fetchmail buffer overflow
Buffer overflow on oversized POP3 UIDL reply...
Directory traversal
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. dot dot in the UIDL parameter...
CVE-2006-0930
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. dot dot in the UIDL parameter...
CVE-2004-2460
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service application crash via an "infinite" Unique IDentification Listing UIDL list...
[SECURITY] [DSA 774-1] New fetchmail packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 774-1 [email protected] http://www.debian.org/security/ Martin Schulze August 12th, 2005 http://www.debian.org/security/faq -...
CVE-2005-2335
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct...
CVE-2005-2335
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct...