Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- PORT STATE SERVICE REASON VERSION
- 995/tcp open ssl/pop3 syn-ack ttl 51 Dovecot pop3d
- | vulscan: VulDB - https://vuldb.com:
- | [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
- | [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
- | [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
- | [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
- | [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
- | [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
- | [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
- | [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
- | [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
- | [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
- | [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
- | [69835] Dovecot 2.2.0/2.2.1 denial of service
- | [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
- | [65684] Dovecot up to 2.2.6 unknown vulnerability
- | [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
- | [63692] Dovecot up to 2.0.15 spoofing
- | [7062] Dovecot 2.1.10 mail-search.c denial of service
- | [57517] Dovecot up to 2.0.12 Login directory traversal
- | [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
- | [57515] Dovecot up to 2.0.12 Crash denial of service
- | [54944] Dovecot up to 1.2.14 denial of service
- | [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
- | [54942] Dovecot up to 2.0.4 Access Restriction denial of service
- | [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
- | [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
- | [53277] Dovecot up to 1.2.10 denial of service
- | [50082] Dovecot up to 1.1.6 Stack-based memory corruption
- | [45256] Dovecot up to 1.1.5 directory traversal
- | [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
- | [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
- | [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
- | [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
- | [40356] Dovecot 1.0.9 Cache unknown vulnerability
- | [38222] Dovecot 1.0.2 directory traversal
- | [36376] Dovecot up to 1.0.x directory traversal
- | [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
- |
- | MITRE CVE - https://cve.mitre.org:
- | [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
- | [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
- | [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
- | [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
- | [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
- | [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
- | [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
- | [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
- | [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
- | [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
- | [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
- | [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
- | [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
- | [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
- | [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
- | [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
- | [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
- | [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
- | [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
- | [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
- | [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
- | [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
- | [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
- | [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
- | [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
- | [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
- | [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
- | [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
- | [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
- | [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
- | [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
- | [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
- | [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
- | [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
- | [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
- | [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
- | [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
- |
- | SecurityFocus - https://www.securityfocus.com/bid/:
- | [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
- | [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
- | [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
- | [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
- | [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
- | [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
- | [67306] Dovecot Denial of Service Vulnerability
- | [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
- | [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
- | [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
- | [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
- | [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
- | [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
- | [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
- | [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
- | [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
- | [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
- | [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
- | [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
- | [39838] tpop3d Remote Denial of Service Vulnerability
- | [39258] Dovecot Service Control Access List Security Bypass Vulnerability
- | [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
- | [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
- | [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
- | [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
- | [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
- | [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
- | [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
- | [27093] Dovecot Authentication Cache Security Bypass Vulnerability
- | [25182] Dovecot ACL Plugin Security Bypass Vulnerability
- | [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
- | [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
- | [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
- | [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
- | [17961] Dovecot Remote Information Disclosure Vulnerability
- | [16672] Dovecot Double Free Denial of Service Vulnerability
- | [8495] akpop3d User Name SQL Injection Vulnerability
- | [8473] Vpop3d Remote Denial Of Service Vulnerability
- | [3990] ZPop3D Bad Login Logging Failure Vulnerability
- | [2781] DynFX MailServer POP3d Denial of Service Vulnerability
- |
- | IBM X-Force - https://exchange.xforce.ibmcloud.com:
- | [86382] Dovecot POP3 Service denial of service
- | [84396] Dovecot IMAP APPEND denial of service
- | [80453] Dovecot mail-search.c denial of service
- | [71354] Dovecot SSL Common Name (CN) weak security
- | [67675] Dovecot script-login security bypass
- | [67674] Dovecot script-login directory traversal
- | [67589] Dovecot header name denial of service
- | [63267] Apple Mac OS X Dovecot information disclosure
- | [62340] Dovecot mailbox security bypass
- | [62339] Dovecot IMAP or POP3 denial of service
- | [62256] Dovecot mailbox security bypass
- | [62255] Dovecot ACL entry security bypass
- | [60639] Dovecot ACL plugin weak security
- | [57267] Apple Mac OS X Dovecot Kerberos security bypass
- | [56763] Dovecot header denial of service
- | [54363] Dovecot base_dir privilege escalation
- | [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
- | [46323] Dovecot dovecot.conf information disclosure
- | [46227] Dovecot message parsing denial of service
- | [45669] Dovecot ACL mailbox security bypass
- | [45667] Dovecot ACL plugin rights security bypass
- | [41085] Dovecot TAB characters authentication bypass
- | [41009] Dovecot mail_extra_groups option unauthorized access
- | [39342] Dovecot LDAP auth cache configuration security bypass
- | [35767] Dovecot ACL plugin security bypass
- | [34082] Dovecot mbox-storage.c directory traversal
- | [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
- | [26578] Cyrus IMAP pop3d buffer overflow
- | [26536] Dovecot IMAP LIST information disclosure
- | [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
- | [24709] Dovecot APPEND command denial of service
- | [13018] akpop3d authentication code SQL injection
- | [7345] Slackware Linux imapd and ipop3d core dump
- | [6269] imap, ipop2d and ipop3d buffer overflows
- | [5923] Linuxconf vpop3d symbolic link
- | [4918] IPOP3D, Buffer overflow attack
- | [1560] IPOP3D, user login successful
- | [1559] IPOP3D user login to remote host successful
- | [1525] IPOP3D, user logout
- | [1524] IPOP3D, user auto-logout
- | [1523] IPOP3D, user login failure
- | [1522] IPOP3D, brute force attack
- | [1521] IPOP3D, user kiss of death logout
- | [418] pop3d mktemp creates insecure temporary files
- |
- | Exploit-DB - https://www.exploit-db.com:
- | [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
- | [23053] Vpop3d Remote Denial of Service Vulnerability
- | [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
- | [11893] tPop3d 1.5.3 DoS
- | [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
- | [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
- | [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
- | [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
- |
- | OpenVAS (Nessus) - http://www.openvas.org:
- | [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
- | [901025] Dovecot Version Detection
- | [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
- | [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
- | [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
- | [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
- | [870607] RedHat Update for dovecot RHSA-2011:0600-01
- | [870471] RedHat Update for dovecot RHSA-2011:1187-01
- | [870153] RedHat Update for dovecot RHSA-2008:0297-02
- | [863272] Fedora Update for dovecot FEDORA-2011-7612
- | [863115] Fedora Update for dovecot FEDORA-2011-7258
- | [861525] Fedora Update for dovecot FEDORA-2007-664
- | [861394] Fedora Update for dovecot FEDORA-2007-493
- | [861333] Fedora Update for dovecot FEDORA-2007-1485
- | [860845] Fedora Update for dovecot FEDORA-2008-9202
- | [860663] Fedora Update for dovecot FEDORA-2008-2475
- | [860169] Fedora Update for dovecot FEDORA-2008-2464
- | [860089] Fedora Update for dovecot FEDORA-2008-9232
- | [840950] Ubuntu Update for dovecot USN-1295-1
- | [840668] Ubuntu Update for dovecot USN-1143-1
- | [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
- | [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
- | [840290] Ubuntu Update for dovecot vulnerability USN-567-1
- | [840234] Ubuntu Update for dovecot vulnerability USN-666-1
- | [840072] Ubuntu Update for dovecot vulnerability USN-487-1
- | [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
- | [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
- | [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
- | [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
- | [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
- | [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
- | [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
- | [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
- | [70259] FreeBSD Ports: dovecot
- | [69959] Debian Security Advisory DSA 2252-1 (dovecot)
- | [66522] FreeBSD Ports: dovecot
- | [65010] Ubuntu USN-838-1 (dovecot)
- | [64978] Debian Security Advisory DSA 1892-1 (dovecot)
- | [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
- | [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
- | [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
- | [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
- | [62854] FreeBSD Ports: dovecot-managesieve
- | [61916] FreeBSD Ports: dovecot
- | [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
- | [60568] Debian Security Advisory DSA 1516-1 (dovecot)
- | [60528] FreeBSD Ports: dovecot
- | [60134] Debian Security Advisory DSA 1457-1 (dovecot)
- | [60089] FreeBSD Ports: dovecot
- | [58578] Debian Security Advisory DSA 1359-1 (dovecot)
- | [56834] Debian Security Advisory DSA 1080-1 (dovecot)
- |
- | SecurityTracker - https://www.securitytracker.com:
- | [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
- | [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
- | [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
- |
- | OSVDB - http://www.osvdb.org:
- | [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
- | [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
- | [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
- | [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
- | [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
- | [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
- | [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
- | [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
- | [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
- | [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
- | [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
- | [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
- | [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
- | [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
- | [66113] Dovecot Mail Root Directory Creation Permission Weakness
- | [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
- | [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
- | [66110] Dovecot Multiple Unspecified Buffer Overflows
- | [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
- | [64783] Dovecot E-mail Message Header Unspecified DoS
- | [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
- | [62796] Dovecot mbox Format Email Header Handling DoS
- | [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
- | [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
- | [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
- | [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
- | [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
- | [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
- | [49098] Dovecot ACL Plugin Negative Access Rights Bypass
- | [43137] Dovecot mail_extra_groups Symlink File Manipulation
- | [42979] Dovecot passdbs Argument Injection Authentication Bypass
- | [39876] Dovecot LDAP Auth Cache Security Bypass
- | [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
- | [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
- | [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
- | [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
- | [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
- | [23281] Dovecot imap/pop3-login dovecot-auth DoS
- | [23280] Dovecot Malformed APPEND Command DoS
- | [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
- | [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
- | [5857] Linux pop3d Arbitrary Mail File Access
- | [2471] akpop3d username SQL Injection
- |_
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement