Vendor CVEs
Double Precision Incorporated
All CVEs
30 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10818 | | Critical | 0.64 | 9.8 | 0.02 | | Aug 4, 2017 | MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. |
| CVE-2017-10817 | | Critical | 0.64 | 9.8 | 0.03 | | Aug 4, 2017 | MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. |
| CVE-2017-10816 | | Critical | 0.64 | 9.8 | 0.02 | | Aug 4, 2017 | SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. |
| CVE-2017-10815 | | High | 0.53 | 8.1 | 0.02 | | Aug 4, 2017 | MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent. |
| CVE-2004-0777 | | | 0.04 | — | 0.11 | | Oct 20, 2004 | Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. |
| CVE-2000-0091 | | | 0.04 | — | 0.13 | | Jan 21, 2000 | Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. |
| CVE-2007-0558 | | | 0.03 | — | 0.02 | | Jan 30, 2007 | PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. |
| CVE-2005-2769 | | | 0.03 | — | 0.03 | | Sep 2, 2005 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by… |
| CVE-2005-1308 | | | 0.03 | — | 0.02 | | Apr 15, 2005 | SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. |
| CVE-2004-0591 | | | 0.03 | — | 0.05 | | Aug 6, 2004 | Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HTML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. |
| CVE-2002-1414 | | | 0.03 | — | 0.01 | | Apr 11, 2003 | Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. |
| CVE-2022-22813 | | | 0.00 | — | 0.01 | | Feb 9, 2022 | A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product… |
| CVE-2021-38084 | | | 0.00 | — | 0.01 | | Aug 3, 2021 | An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session. |
| CVE-2008-2380 | | | 0.00 | — | 0.02 | | Dec 22, 2008 | SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes. |
| CVE-2008-2667 | | | 0.00 | — | 0.02 | | Jul 7, 2008 | SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the… |
| CVE-2007-2173 | | | 0.00 | — | 0.05 | | Apr 24, 2007 | Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. |
| CVE-2006-2659 | | | 0.00 | — | 0.02 | | May 30, 2006 | libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. |
| CVE-2006-2346 | | | 0.00 | — | 0.02 | | May 12, 2006 | vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP. |
| CVE-2006-1141 | | | 0.00 | — | 0.04 | | Mar 10, 2006 | Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. |
| CVE-2005-3532 | | | 0.00 | — | 0.02 | | Dec 11, 2005 | authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled. |
| CVE-2005-2820 | | | 0.00 | — | 0.02 | | Sep 7, 2005 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". |
| CVE-2005-2724 | | | 0.00 | — | 0.02 | | Aug 30, 2005 | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. |
| CVE-2005-2151 | | | 0.00 | — | 0.01 | | Jul 6, 2005 | spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. |
| CVE-2004-2313 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. |
| CVE-2004-0224 | | | 0.00 | — | 0.03 | | Apr 15, 2004 | Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." |
| CVE-2003-0040 | | | 0.00 | — | 0.01 | | Feb 19, 2003 | SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. |
| CVE-2002-1311 | | | 0.00 | — | 0.00 | | Nov 29, 2002 | Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files. |
| CVE-2002-0914 | | | 0.00 | — | 0.02 | | Oct 4, 2002 | Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. |
| CVE-2001-0990 | | | 0.00 | — | 0.00 | | Sep 4, 2001 | Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. |
| CVE-2000-0583 | | | 0.00 | — | 0.02 | | Jun 30, 2000 | vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives. |