VYPR

Courier IMAP

by Double Precision Incorporated

CVEs (4)

  • CVE-2004-0777Oct 20, 2004
    risk 0.04cvss epss 0.11

    Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.

  • CVE-2007-2173Apr 24, 2007
    risk 0.00cvss epss 0.05

    Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

  • CVE-2004-0224Apr 15, 2004
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

  • CVE-2003-0040Feb 19, 2003
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.