Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qmail vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-15955
In s/qmail up to and including 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.
Fehcom S\\/qmail
7.5
CVSSv3
CVE-2020-3811
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
Netqmail Netqmail 1.06
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 20.04
5.5
CVSSv3
CVE-2020-3812
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's...
Netqmail Netqmail 1.06
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 20.04
NA
CVE-2011-1431
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions by sending a cleartext command tha...
Frederik Vermeulen Netqmail 1.06
NA
CVE-2008-6984
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote malicious users to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as ...
Parallels Plesk 8.6.0
NA
CVE-2008-5606
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file via a direct request for qmail.mdb.
Gazatem Technologies Qmail Mailing List Manager 1.2
1 EDB exploit
NA
CVE-2005-1515
Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO...
Dan Bernstein Qmail
9.8
CVSSv3
CVE-2005-1513
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
Qmail Project Qmail -
Canonical Ubuntu Linux 20.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
NA
CVE-2005-1514
commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced wi...
Dan Bernstein Qmail
NA
CVE-2004-2088
Sophos Anti-Virus 3.78 allows remote malicious users to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
Sophos Sophos Anti-virus 3.4.6
Sophos Sophos Anti-virus 3.78
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »