Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache james server vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privil...
Apache James Server
8.1
CVSSv3
CVE-2015-7611
Apache James Server 2.3.2, when configured with file-based user repositories, allows malicious users to execute arbitrary system commands via unspecified vectors.
Apache James Server 2.3.2
1 EDB exploit
5.5
CVSSv3
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 a...
Apache James
7.8
CVSSv3
CVE-2023-26269
Apache James server version 3.7.3 and previous versions provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 on...
Apache James
1 Github repository
NA
CVE-2006-2806
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote malicious users to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
Apache James 2.2.0
9.8
CVSSv3
CVE-2019-0228
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Apache Pdfbox 2.0.14
Apache James 3.4.0
Apache James 3.3.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Webcenter Sites 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Sites 12.2.1.4.0
Oracle Retail Xstore Point Of Service 17.0
Oracle Banking Virtual Account Management 14.3.0
Oracle Communications Messaging Server 8.1
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Hyperion Financial Reporting 11.2.6.0
Oracle Banking Trade Finance Process Management 14.2
Oracle Banking Trade Finance Process Management 14.3
Oracle Banking Trade Finance Process Management 14.5
Oracle Banking Credit Facilities Process Management 14.2
Oracle Banking Credit Facilities Process Management 14.3
Oracle Banking Credit Facilities Process Management 14.5
1 Github repository
NA
CVE-2023-51518
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note t...
NA
CVE-2002-0656
Buffer overflows in OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, allow remote malicious users to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.6b
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.3
Oracle Application Server 1.0.2.1s
Oracle Application Server 1.0.2.2
Oracle Corporate Time Outlook Connector 3.1
Oracle Corporate Time Outlook Connector 3.1.1
Openssl Openssl 0.9.4
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.7
Oracle Application Server 1.0.2
Oracle Corporate Time Outlook Connector 3.1.2
Oracle Http Server 9.0.1
Openssl Openssl 0.9.5
Openssl Openssl 0.9.6
Oracle Application Server
Oracle Corporate Time Outlook Connector 3.3
Oracle Http Server 9.2.0
1 EDB exploit
NA
CVE-2002-0655
OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow malicious users to cause a denial of service and possibly execute arbitrary code.
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.6a
Oracle Application Server 1.0.2
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.7
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.3
Openssl Openssl 0.9.4
Openssl Openssl 0.9.5
Oracle Corporate Time Outlook Connector 3.1.1
Oracle Corporate Time Outlook Connector 3.1.2
Oracle Corporate Time Outlook Connector 3.3
Oracle Http Server 9.0.1
Oracle Application Server 1.0.2.2
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6b
Oracle Application Server
Oracle Application Server 1.0.2.1s
Oracle Corporate Time Outlook Connector 3.1
Oracle Http Server 9.2.0
NA
CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, allows remote malicious users to cause a denial of service via invalid encodings.
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.3
Oracle Application Server 1.0.2.1s
Oracle Application Server 1.0.2.2
Oracle Corporate Time Outlook Connector 3.1
Oracle Corporate Time Outlook Connector 3.1.1
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.6b
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.4
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.7
Oracle Application Server 1.0.2
Oracle Corporate Time Outlook Connector 3.1.2
Oracle Http Server 9.0.1
Openssl Openssl 0.9.5
Openssl Openssl 0.9.6
Oracle Application Server
Oracle Corporate Time Outlook Connector 3.3
Oracle Http Server 9.2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »