Advertisement
Guest User

dovecot ssl pop3d vulns

a guest
Mar 21st, 2020
2,939
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.30 KB | None | 0 0
  1. PORT STATE SERVICE REASON VERSION
  2. 995/tcp open ssl/pop3 syn-ack ttl 51 Dovecot pop3d
  3. | vulscan: VulDB - https://vuldb.com:
  4. | [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
  5. | [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
  6. | [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
  7. | [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
  8. | [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
  9. | [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
  10. | [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
  11. | [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
  12. | [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
  13. | [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
  14. | [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
  15. | [69835] Dovecot 2.2.0/2.2.1 denial of service
  16. | [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
  17. | [65684] Dovecot up to 2.2.6 unknown vulnerability
  18. | [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
  19. | [63692] Dovecot up to 2.0.15 spoofing
  20. | [7062] Dovecot 2.1.10 mail-search.c denial of service
  21. | [57517] Dovecot up to 2.0.12 Login directory traversal
  22. | [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
  23. | [57515] Dovecot up to 2.0.12 Crash denial of service
  24. | [54944] Dovecot up to 1.2.14 denial of service
  25. | [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
  26. | [54942] Dovecot up to 2.0.4 Access Restriction denial of service
  27. | [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
  28. | [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
  29. | [53277] Dovecot up to 1.2.10 denial of service
  30. | [50082] Dovecot up to 1.1.6 Stack-based memory corruption
  31. | [45256] Dovecot up to 1.1.5 directory traversal
  32. | [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
  33. | [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
  34. | [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
  35. | [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
  36. | [40356] Dovecot 1.0.9 Cache unknown vulnerability
  37. | [38222] Dovecot 1.0.2 directory traversal
  38. | [36376] Dovecot up to 1.0.x directory traversal
  39. | [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
  40. |
  41. | MITRE CVE - https://cve.mitre.org:
  42. | [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
  43. | [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
  44. | [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
  45. | [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
  46. | [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
  47. | [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
  48. | [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
  49. | [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
  50. | [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
  51. | [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
  52. | [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
  53. | [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
  54. | [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
  55. | [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
  56. | [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
  57. | [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
  58. | [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
  59. | [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
  60. | [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
  61. | [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
  62. | [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
  63. | [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
  64. | [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
  65. | [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
  66. | [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
  67. | [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
  68. | [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
  69. | [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
  70. | [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
  71. | [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
  72. | [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
  73. | [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
  74. | [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
  75. | [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
  76. | [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
  77. | [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
  78. | [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
  79. |
  80. | SecurityFocus - https://www.securityfocus.com/bid/:
  81. | [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
  82. | [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
  83. | [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
  84. | [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
  85. | [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
  86. | [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
  87. | [67306] Dovecot Denial of Service Vulnerability
  88. | [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
  89. | [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
  90. | [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
  91. | [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
  92. | [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
  93. | [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
  94. | [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
  95. | [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
  96. | [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
  97. | [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
  98. | [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
  99. | [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
  100. | [39838] tpop3d Remote Denial of Service Vulnerability
  101. | [39258] Dovecot Service Control Access List Security Bypass Vulnerability
  102. | [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
  103. | [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
  104. | [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
  105. | [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
  106. | [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
  107. | [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
  108. | [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
  109. | [27093] Dovecot Authentication Cache Security Bypass Vulnerability
  110. | [25182] Dovecot ACL Plugin Security Bypass Vulnerability
  111. | [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
  112. | [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
  113. | [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
  114. | [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
  115. | [17961] Dovecot Remote Information Disclosure Vulnerability
  116. | [16672] Dovecot Double Free Denial of Service Vulnerability
  117. | [8495] akpop3d User Name SQL Injection Vulnerability
  118. | [8473] Vpop3d Remote Denial Of Service Vulnerability
  119. | [3990] ZPop3D Bad Login Logging Failure Vulnerability
  120. | [2781] DynFX MailServer POP3d Denial of Service Vulnerability
  121. |
  122. | IBM X-Force - https://exchange.xforce.ibmcloud.com:
  123. | [86382] Dovecot POP3 Service denial of service
  124. | [84396] Dovecot IMAP APPEND denial of service
  125. | [80453] Dovecot mail-search.c denial of service
  126. | [71354] Dovecot SSL Common Name (CN) weak security
  127. | [67675] Dovecot script-login security bypass
  128. | [67674] Dovecot script-login directory traversal
  129. | [67589] Dovecot header name denial of service
  130. | [63267] Apple Mac OS X Dovecot information disclosure
  131. | [62340] Dovecot mailbox security bypass
  132. | [62339] Dovecot IMAP or POP3 denial of service
  133. | [62256] Dovecot mailbox security bypass
  134. | [62255] Dovecot ACL entry security bypass
  135. | [60639] Dovecot ACL plugin weak security
  136. | [57267] Apple Mac OS X Dovecot Kerberos security bypass
  137. | [56763] Dovecot header denial of service
  138. | [54363] Dovecot base_dir privilege escalation
  139. | [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
  140. | [46323] Dovecot dovecot.conf information disclosure
  141. | [46227] Dovecot message parsing denial of service
  142. | [45669] Dovecot ACL mailbox security bypass
  143. | [45667] Dovecot ACL plugin rights security bypass
  144. | [41085] Dovecot TAB characters authentication bypass
  145. | [41009] Dovecot mail_extra_groups option unauthorized access
  146. | [39342] Dovecot LDAP auth cache configuration security bypass
  147. | [35767] Dovecot ACL plugin security bypass
  148. | [34082] Dovecot mbox-storage.c directory traversal
  149. | [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
  150. | [26578] Cyrus IMAP pop3d buffer overflow
  151. | [26536] Dovecot IMAP LIST information disclosure
  152. | [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
  153. | [24709] Dovecot APPEND command denial of service
  154. | [13018] akpop3d authentication code SQL injection
  155. | [7345] Slackware Linux imapd and ipop3d core dump
  156. | [6269] imap, ipop2d and ipop3d buffer overflows
  157. | [5923] Linuxconf vpop3d symbolic link
  158. | [4918] IPOP3D, Buffer overflow attack
  159. | [1560] IPOP3D, user login successful
  160. | [1559] IPOP3D user login to remote host successful
  161. | [1525] IPOP3D, user logout
  162. | [1524] IPOP3D, user auto-logout
  163. | [1523] IPOP3D, user login failure
  164. | [1522] IPOP3D, brute force attack
  165. | [1521] IPOP3D, user kiss of death logout
  166. | [418] pop3d mktemp creates insecure temporary files
  167. |
  168. | Exploit-DB - https://www.exploit-db.com:
  169. | [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
  170. | [23053] Vpop3d Remote Denial of Service Vulnerability
  171. | [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
  172. | [11893] tPop3d 1.5.3 DoS
  173. | [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
  174. | [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
  175. | [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
  176. | [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
  177. |
  178. | OpenVAS (Nessus) - http://www.openvas.org:
  179. | [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
  180. | [901025] Dovecot Version Detection
  181. | [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
  182. | [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
  183. | [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
  184. | [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
  185. | [870607] RedHat Update for dovecot RHSA-2011:0600-01
  186. | [870471] RedHat Update for dovecot RHSA-2011:1187-01
  187. | [870153] RedHat Update for dovecot RHSA-2008:0297-02
  188. | [863272] Fedora Update for dovecot FEDORA-2011-7612
  189. | [863115] Fedora Update for dovecot FEDORA-2011-7258
  190. | [861525] Fedora Update for dovecot FEDORA-2007-664
  191. | [861394] Fedora Update for dovecot FEDORA-2007-493
  192. | [861333] Fedora Update for dovecot FEDORA-2007-1485
  193. | [860845] Fedora Update for dovecot FEDORA-2008-9202
  194. | [860663] Fedora Update for dovecot FEDORA-2008-2475
  195. | [860169] Fedora Update for dovecot FEDORA-2008-2464
  196. | [860089] Fedora Update for dovecot FEDORA-2008-9232
  197. | [840950] Ubuntu Update for dovecot USN-1295-1
  198. | [840668] Ubuntu Update for dovecot USN-1143-1
  199. | [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
  200. | [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
  201. | [840290] Ubuntu Update for dovecot vulnerability USN-567-1
  202. | [840234] Ubuntu Update for dovecot vulnerability USN-666-1
  203. | [840072] Ubuntu Update for dovecot vulnerability USN-487-1
  204. | [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
  205. | [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
  206. | [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
  207. | [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
  208. | [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
  209. | [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
  210. | [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
  211. | [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
  212. | [70259] FreeBSD Ports: dovecot
  213. | [69959] Debian Security Advisory DSA 2252-1 (dovecot)
  214. | [66522] FreeBSD Ports: dovecot
  215. | [65010] Ubuntu USN-838-1 (dovecot)
  216. | [64978] Debian Security Advisory DSA 1892-1 (dovecot)
  217. | [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
  218. | [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
  219. | [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
  220. | [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
  221. | [62854] FreeBSD Ports: dovecot-managesieve
  222. | [61916] FreeBSD Ports: dovecot
  223. | [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
  224. | [60568] Debian Security Advisory DSA 1516-1 (dovecot)
  225. | [60528] FreeBSD Ports: dovecot
  226. | [60134] Debian Security Advisory DSA 1457-1 (dovecot)
  227. | [60089] FreeBSD Ports: dovecot
  228. | [58578] Debian Security Advisory DSA 1359-1 (dovecot)
  229. | [56834] Debian Security Advisory DSA 1080-1 (dovecot)
  230. |
  231. | SecurityTracker - https://www.securitytracker.com:
  232. | [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
  233. | [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
  234. | [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
  235. |
  236. | OSVDB - http://www.osvdb.org:
  237. | [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
  238. | [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
  239. | [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
  240. | [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
  241. | [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
  242. | [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
  243. | [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
  244. | [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
  245. | [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
  246. | [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
  247. | [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
  248. | [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
  249. | [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
  250. | [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
  251. | [66113] Dovecot Mail Root Directory Creation Permission Weakness
  252. | [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
  253. | [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
  254. | [66110] Dovecot Multiple Unspecified Buffer Overflows
  255. | [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
  256. | [64783] Dovecot E-mail Message Header Unspecified DoS
  257. | [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
  258. | [62796] Dovecot mbox Format Email Header Handling DoS
  259. | [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
  260. | [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
  261. | [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
  262. | [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
  263. | [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
  264. | [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
  265. | [49098] Dovecot ACL Plugin Negative Access Rights Bypass
  266. | [43137] Dovecot mail_extra_groups Symlink File Manipulation
  267. | [42979] Dovecot passdbs Argument Injection Authentication Bypass
  268. | [39876] Dovecot LDAP Auth Cache Security Bypass
  269. | [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
  270. | [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
  271. | [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
  272. | [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
  273. | [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
  274. | [23281] Dovecot imap/pop3-login dovecot-auth DoS
  275. | [23280] Dovecot Malformed APPEND Command DoS
  276. | [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
  277. | [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
  278. | [5857] Linux pop3d Arbitrary Mail File Access
  279. | [2471] akpop3d username SQL Injection
  280. |_
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement