imap vulnerabilities and exploits

(subscribe to this query)

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x prior to 2.3.19, 2.4.x prior to 2.4.18, 2.5.x prior to 2.5.4 allows remote malicious users to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which trigger...

Opensuse Leap 42.1 Opensuse Opensuse 13.2 Cyrus Imap 2.3.0 Cyrus Imap 2.3.1 Cyrus Imap 2.3.2 Cyrus Imap 2.3.3 Cyrus Imap 2.3.4 Cyrus Imap 2.3.5 Cyrus Imap 2.3.6 Cyrus Imap 2.3.7 Cyrus Imap 2.3.8 Cyrus Imap 2.3.9

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote malicious users to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of a...

Cyrus Imap 2.3.0 Cyrus Imap 2.3.1 Cyrus Imap 2.3.2 Cyrus Imap 2.3.3 Cyrus Imap 2.3.4 Cyrus Imap 2.3.5 Cyrus Imap 2.3.6 Cyrus Imap 2.3.7 Cyrus Imap 2.3.8 Cyrus Imap 2.3.9 Cyrus Imap 2.3.10 Cyrus Imap 2.3.11

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote malicious users to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because o...

Opensuse Leap 42.1 Opensuse Opensuse 13.2 Cyrus Imap 2.3.0 Cyrus Imap 2.3.1 Cyrus Imap 2.3.2 Cyrus Imap 2.3.3 Cyrus Imap 2.3.4 Cyrus Imap 2.3.5 Cyrus Imap 2.3.6 Cyrus Imap 2.3.7 Cyrus Imap 2.3.8 Cyrus Imap 2.3.9

Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent malicious users to cause a denial of service (...

University Of Washington Imap University Of Washington Imap 2000 University Of Washington Imap 2000a University Of Washington Imap 2000b University Of Washington Imap 2000c University Of Washington Imap 2001 University Of Washington Imap 2001a University Of Washington Imap 2002 University Of Washington Imap 2002a University Of Washington Imap 2002b University Of Washington Imap 2002c University Of Washington Imap 2002d

The index_get_ids function in index.c in imapd in Cyrus IMAP Server prior to 2.4.11, when server-side threading is enabled, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Cmu Cyrus Imap Server Cmu Cyrus Imap Server 2.0.17 Cmu Cyrus Imap Server 2.1.16 Cmu Cyrus Imap Server 2.1.17 Cmu Cyrus Imap Server 2.1.18 Cmu Cyrus Imap Server 2.2.8 Cmu Cyrus Imap Server 2.2.9 Cmu Cyrus Imap Server 2.2.10 Cmu Cyrus Imap Server 2.2.11 Cmu Cyrus Imap Server 2.2.12 Cmu Cyrus Imap Server 2.2.13 Cmu Cyrus Imap Server 2.2.13p1

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server prior to 2.3.17 and 2.4.x prior to 2.4.11 allows remote malicious users to execute arbitrary code via a crafted NNTP command.

Cmu Cyrus Imap Server Cmu Cyrus Imap Server 2.0.17 Cmu Cyrus Imap Server 2.1.16 Cmu Cyrus Imap Server 2.1.17 Cmu Cyrus Imap Server 2.1.18 Cmu Cyrus Imap Server 2.2.8 Cmu Cyrus Imap Server 2.2.9 Cmu Cyrus Imap Server 2.2.10 Cmu Cyrus Imap Server 2.2.11 Cmu Cyrus Imap Server 2.2.12 Cmu Cyrus Imap Server 2.2.13 Cmu Cyrus Imap Server 2.2.13p1

The STARTTLS implementation in Cyrus IMAP Server prior to 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a...

Cmu Cyrus Imap Server Cmu Cyrus Imap Server 2.0.17 Cmu Cyrus Imap Server 2.1.16 Cmu Cyrus Imap Server 2.1.17 Cmu Cyrus Imap Server 2.1.18 Cmu Cyrus Imap Server 2.2.8 Cmu Cyrus Imap Server 2.2.9 Cmu Cyrus Imap Server 2.2.10 Cmu Cyrus Imap Server 2.2.11 Cmu Cyrus Imap Server 2.2.12 Cmu Cyrus Imap Server 2.2.13 Cmu Cyrus Imap Server 2.2.13p1

Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 up to and including 2.2.1 and 3.x up to and including 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote malicious users to execute arbitrary code.

Inter7 Courier-imap 1.6 Inter7 Courier-imap 1.7 Inter7 Courier-imap 2.0.0 Inter7 Courier-imap 2.1 Inter7 Courier-imap 2.1.1 Inter7 Courier-imap 2.1.2 Inter7 Courier-imap 2.2.0 Inter7 Courier-imap 2.2.1

1 EDB exploit

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote malicious users to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote...

University Of Washington Uw-imap University Of Washington Uw-imap 2004 University Of Washington Uw-imap 2004a University Of Washington Uw-imap 2004b University Of Washington Uw-imap 2004c University Of Washington Uw-imap 2004d University Of Washington Uw-imap 2004e

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP prior to 4.0.6-r2, and 4.1.x prior to 4.1.2-r1, on Gentoo Linux allows remote malicious users to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN...

Double Precision Incorporated Courier-imap 4.0.0 Double Precision Incorporated Courier-imap 4.0.1 Double Precision Incorporated Courier-imap 4.0.2 Double Precision Incorporated Courier-imap 4.0.3 Double Precision Incorporated Courier-imap 4.0.4 Double Precision Incorporated Courier-imap 4.0.5 Double Precision Incorporated Courier-imap 4.1.0 Double Precision Incorporated Courier-imap 4.1.1

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook