Mailscanner
by Mailscanner
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3292 | 0.00 | — | 0.00 | Nov 12, 2019 | The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet… | |||
| CVE-2010-3095 | 0.00 | — | 0.00 | Nov 12, 2019 | mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | |||
| CVE-2008-5313 | 0.00 | — | 0.00 | Dec 3, 2008 | mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in… | |||
| CVE-2008-5312 | 0.00 | — | 0.00 | Dec 3, 2008 | mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5)… | |||
| CVE-2008-5140 | 0.00 | — | 0.00 | Nov 18, 2008 | trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file. | |||
| CVE-2005-3470 | 0.00 | — | 0.01 | Nov 2, 2005 | SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands. | |||
| CVE-2005-1706 | 0.00 | — | 0.01 | May 24, 2005 | Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection. | |||
| CVE-2002-2228 | 0.00 | — | 0.01 | Dec 31, 2002 | MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. |
- CVE-2010-3292Nov 12, 2019risk 0.00cvss —epss 0.00
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet…
- CVE-2010-3095Nov 12, 2019risk 0.00cvss —epss 0.00
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.
- CVE-2008-5313Dec 3, 2008risk 0.00cvss —epss 0.00
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in…
- CVE-2008-5312Dec 3, 2008risk 0.00cvss —epss 0.00
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5)…
- CVE-2008-5140Nov 18, 2008risk 0.00cvss —epss 0.00
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
- CVE-2005-3470Nov 2, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.
- CVE-2005-1706May 24, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
- CVE-2002-2228Dec 31, 2002risk 0.00cvss —epss 0.01
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.