VYPR

Spamassassin

by Spamassassin

CVEs (5)

  • CVE-2006-2447Jun 6, 2006
    risk 0.09cvss epss 0.74

    SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

  • CVE-2010-1132Mar 27, 2010
    risk 0.04cvss epss 0.09

    The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

  • CVE-2007-2873Jun 11, 2007
    risk 0.00cvss epss 0.00

    SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

  • CVE-2004-0796Oct 20, 2004
    risk 0.00cvss epss 0.02

    SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.

  • CVE-2003-1557Dec 31, 2003
    risk 0.00cvss epss 0.05

    Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.