Searching mail software vulnerabilities


The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.


Netscape Navigator uses weak encryption for storing a user's Netscape mail password.


A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows an attacker to crash the mail server and possibly execute arbitrary code by offering more than 128 bytes in a MAIL FROM string.


/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.


Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.


Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.


Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.


Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.


The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.


signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.


Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.


MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.


Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.


CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter.


The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).


dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.


IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.


Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file.


Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server.


Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes.


Software vulnerabilities results 1 to 20 of 554     