Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
imap vulnerabilities and exploits
(subscribe to this query)
660
VMScore
CVE-2007-3925
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 prior to 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
Ipswitch Ipswitch Collaboration Suite
Ipswitch Imail Server
2 EDB exploits
1000
VMScore
CVE-2001-1009
Fetchmail (aka fetchmail-ssl) prior to 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
Fetchmail Fetchmail 5.8.13
Fetchmail Fetchmail 5.8.11
Fetchmail Fetchmail 5.8.5
Fetchmail Fetchmail 5.8.4
Fetchmail Fetchmail 5.4.4
Fetchmail Fetchmail 5.4.3
Fetchmail Fetchmail 5.3.8
Fetchmail Fetchmail 5.3.3
Fetchmail Fetchmail 5.0.6
Fetchmail Fetchmail 5.0.5
Fetchmail Fetchmail 5.0.4
Fetchmail Fetchmail 5.8.2
Fetchmail Fetchmail 5.8
Fetchmail Fetchmail 5.5.2
Fetchmail Fetchmail 5.4.5
Fetchmail Fetchmail 5.3.1
Fetchmail Fetchmail 5.2.8
Fetchmail Fetchmail 5.1.0
Fetchmail Fetchmail 5.0.7
Fetchmail Fetchmail 5.0.0
Fetchmail Fetchmail 4.7.6
Fetchmail Fetchmail 4.7.1
2 EDB exploits
510
VMScore
CVE-2004-1546
Multiple buffer overflows in MDaemon 6.5.1 allow remote malicious users to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
Alt-n Mdaemon 6.5.1
2 EDB exploits
660
VMScore
CVE-2008-1358
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
Altn Mdaemon 9.6.4
2 EDB exploits
516
VMScore
CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the des...
Mbsync Project Mbsync
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Extra Packages For Enterprise Linux 8.0
1000
VMScore
CVE-2005-1255
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote malicious users to execute arbitrary code via a LOGIN command with (1) a long username argument...
Ipswitch Imail 8.12
Ipswitch Imail 8.13
Ipswitch Ipswitch Collaboration Suite
Ipswitch Imail Server
3 EDB exploits
445
VMScore
CVE-2020-25275
Dovecot prior to 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
383
VMScore
CVE-2006-0188
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote malicious users to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified ...
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.4.4
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4 Rc1
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.4 Rc1
Squirrelmail Squirrelmail 1.4.5
383
VMScore
CVE-2006-0195
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote malicious users to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url"...
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.4.4
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.4 Rc1
Squirrelmail Squirrelmail 1.4.5
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4 Rc1
445
VMScore
CVE-2006-0377
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote malicious users to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.4 Rc1
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.5
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.4
Squirrelmail Squirrelmail 1.4.4 Rc1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »