VYPR

Courier MTA

by Double Precision Incorporated

CVEs (5)

  • CVE-2006-2659May 30, 2006
    risk 0.00cvss epss 0.02

    libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

  • CVE-2004-0224Apr 15, 2004
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

  • CVE-2003-0040Feb 19, 2003
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

  • CVE-2002-1311Nov 29, 2002
    risk 0.00cvss epss 0.00

    Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

  • CVE-2002-0914Oct 4, 2002
    risk 0.00cvss epss 0.02

    Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.