Vulmon
imap vulnerabilities and exploits
8.5
CVSSv2
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, wh...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Uw-imap Project Uw-imap 2007f
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
4 Github repositories
7.8
CVSSv2
CVE-2014-0822
The IMAP server in IBM Domino 8.5.x prior to 8.5.3 FP6 IF1 and 9.0.x prior to 9.0.1 FP1 allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
Ibm Lotus Domino 8.5.3.0
Ibm Lotus Domino 8.5.3.1
Ibm Lotus Domino 8.5.1.1
Ibm Lotus Domino 8.5.1.2
Ibm Lotus Domino 8.5.2.3
Ibm Lotus Domino 8.5.2.4
Ibm Lotus Domino 8.5.3.5
Ibm Lotus Domino 8.5.0
Ibm Lotus Domino 8.5.1.5
Ibm Lotus Domino 8.5.2.0
Ibm Lotus Domino 9.0.0.0
Ibm Lotus Domino 9.0.1.0
Ibm Lotus Domino 8.5.0.1
Ibm Lotus Domino 8.5.1
Ibm Lotus Domino 8.5.2.1
Ibm Lotus Domino 8.5.2.2
Ibm Lotus Domino 8.5.3.2
Ibm Lotus Domino 8.5.3.3
Ibm Lotus Domino 8.5.3.4
Ibm Lotus Domino 8.5.1.3
Ibm Lotus Domino 8.5.1.4
7.8
CVSSv2
CVE-2007-0221
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote malicious users to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
Microsoft Exchange Server 2000
7.8
CVSSv2
CVE-2007-0955
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and previous versions allows remote malicious users to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), whi...
Mailenable Mailenable
2 EDB exploits
7.8
CVSSv2
CVE-2007-0887
axigen 1.2.6 up to and including 2.0.0b1 does not properly parse login credentials, which allows remote malicious users to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
Gecad Technologies Axigen Mail Server 1.2.6
Gecad Technologies Axigen Mail Server 2.0.0b1
1 EDB exploit
7.8
CVSSv2
CVE-2006-1158
Kerio MailServer prior to 6.1.3 Patch 1 allows remote malicious users to cause a denial of service (application crash) via a crafted IMAP LOGIN command.
Kerio Kerio Mailserver 5.7.10
Kerio Kerio Mailserver 5.7.2
Kerio Kerio Mailserver 5.7.9
Kerio Kerio Mailserver 6.0
Kerio Kerio Mailserver 6.0.6
Kerio Kerio Mailserver 6.0.7
Kerio Kerio Mailserver 5.7.3
Kerio Kerio Mailserver 5.7.4
Kerio Kerio Mailserver 6.0.0
Kerio Kerio Mailserver 6.0.1
Kerio Kerio Mailserver 6.0.8
Kerio Kerio Mailserver 6.1.3 Patch 1
Kerio Kerio Mailserver 5.6.4
Kerio Kerio Mailserver 5.6.5
Kerio Kerio Mailserver 5.7.5
Kerio Kerio Mailserver 5.7.6
Kerio Kerio Mailserver 6.0.2
Kerio Kerio Mailserver 6.0.3
Kerio Kerio Mailserver 5.7.0
Kerio Kerio Mailserver 5.7.1
Kerio Kerio Mailserver 5.7.7
Kerio Kerio Mailserver 5.7.8
7.8
CVSSv2
CVE-2005-3993
Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and previous versions and Enterprise 1.1 and previous versions allow malicious users to cause a denial of service (crash) via invalid IMAP commands.
Mailenable Mailenable Enterprise 1.1
Mailenable Mailenable Professional
Mailenable Mailenable Enterprise 1.01
Mailenable Mailenable Enterprise 1.02
Mailenable Mailenable Enterprise 1.03
Mailenable Mailenable Enterprise 1.04
Mailenable Mailenable Enterprise 1.00
7.8
CVSSv2
CVE-2002-2325
The c-client library in Internet Message Access Protocol (IMAP) dated prior to 2002 RC2, as used by Pine 4.20 up to and including 4.44, allows remote malicious users to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty ...
University Of Washington Pine 4.44
University Of Washington Pine 4.20
University Of Washington Pine 4.21
University Of Washington Pine 4.30
University Of Washington Pine 4.33
1 EDB exploit
7.5
CVSSv2
CVE-2021-3657
A flaw was found in mbsync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivabl...
Isync Project Isync
Fedoraproject Fedora 35
Redhat Enterprise Linux 7.0
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 up to and including 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could concei...
Isync Project Isync
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35