Mailscanner Security Vulnerabilities
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
7.1AI Score
0.003EPSS
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
7.1AI Score
0.007EPSS
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.
8.2AI Score
0.013EPSS
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scrip...
7.2AI Score
0.0004EPSS
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupd...
4.9AI Score
0.0004EPSS
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.
4.7CVSS
5.4AI Score
0.0004EPSS
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
5.5CVSS
5.5AI Score
0.0004EPSS
5.5CVSS
5.4AI Score
0.0004EPSS