Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP prior to 4.0.6-r2, and 4.1.x prior to 4.1.2-r1, on Gentoo Linux allows remote malicious users to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
double_precision_incorporated courier-imap 4.0.0 |
||
double_precision_incorporated courier-imap 4.0.1 |
||
double_precision_incorporated courier-imap 4.1.0 |
||
double_precision_incorporated courier-imap 4.1.1 |
||
double_precision_incorporated courier-imap 4.0.2 |
||
double_precision_incorporated courier-imap 4.0.3 |
||
double_precision_incorporated courier-imap 4.0.4 |
||
double_precision_incorporated courier-imap 4.0.5 |