VYPR
Vendor

Double Precision Incorporated

Products
11
CVEs
30
Across products
36
Status
Private

Products

11

Recent CVEs

30
View all 30 CVEs →
  • CVE-2017-10818CriAug 4, 2017
    risk 0.64cvss 9.8epss 0.02

    MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service.

  • CVE-2017-10817CriAug 4, 2017
    risk 0.64cvss 9.8epss 0.03

    MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.

  • CVE-2017-10816CriAug 4, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.

  • CVE-2017-10815HigAug 4, 2017
    risk 0.53cvss 8.1epss 0.02

    MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent.

  • CVE-2004-0777Oct 20, 2004
    risk 0.04cvss epss 0.11

    Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.

  • CVE-2000-0091Jan 21, 2000
    risk 0.04cvss epss 0.13

    Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

  • CVE-2007-0558Jan 30, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.

  • CVE-2005-2769Sep 2, 2005
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by…

  • CVE-2005-1308Apr 15, 2005
    risk 0.03cvss epss 0.02

    SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.

  • CVE-2004-0591Aug 6, 2004
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.

  • CVE-2002-1414Apr 11, 2003
    risk 0.03cvss epss 0.01

    Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.

  • CVE-2022-22813Feb 9, 2022
    risk 0.00cvss epss 0.01

    A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product…

  • CVE-2021-38084Aug 3, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

  • CVE-2008-2380Dec 22, 2008
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

  • CVE-2008-2667Jul 7, 2008
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the…

  • CVE-2007-2173Apr 24, 2007
    risk 0.00cvss epss 0.05

    Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

  • CVE-2006-2659May 30, 2006
    risk 0.00cvss epss 0.02

    libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

  • CVE-2006-2346May 12, 2006
    risk 0.00cvss epss 0.02

    vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.

  • CVE-2006-1141Mar 10, 2006
    risk 0.00cvss epss 0.04

    Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.

  • CVE-2005-3532Dec 11, 2005
    risk 0.00cvss epss 0.02

    authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.