Searching pop software vulnerabilities

The SSH protocol server sshd allows local users

authentication | connection | redirect | standard | database | password | protocol | through | service | without | allows | server | access | system | users | local | shell | such | uses | sshd | POP | FTP | SSH | TCP |

The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.


NetWin dMailWeb and cwMail 2.6i and earlier all

attackers | parameter | dMailWeb | earlier | service | denial | remote | cwMail | NetWin | allows | cause | long | 26i | POP | via |

NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).


qpopper POP server creates lock files with pred

predictable | creates | service | qpopper | server | allows | denial | other | users | cause | local | files | names | which | lock | POP |

qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.


popauth utility in Qualcomm Qpopper 4.0 and ear

overwrite | arbitrary | commands | Qualcomm | execute | symlink | utility | popauth | earlier | Qpopper | attack | allows | option | -trace | files | users | local | file | user | pop | via |

popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.


Nevrona Designs MiraMail 1.04 and earlier store

MiraMail | Designs | Nevrona |

Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.


Tiny Personal Firewall (TPF) 2.0.15, under cert

Firewall | Personal | Tiny |

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.


Buffer overflow in MDaemon POP server 6.0.7 and

overflow | MDaemon | server | Buffer | POP |

Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.


Multiple buffer overflows in DeleGate 7.7.0 thr

overflows | DeleGate | Multiple | buffer |

Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.


SQL injection vulnerability in the LDAP and MyS

authentication | vulnerability | injection | Cyrus | patch | MySQL | SASL | LDAP | SQL |

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.


Cross-site scripting (XSS) vulnerability in Inv

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.


Trend OfficeScan Corporate Edition 5.58 and pos

OfficeScan | Corporate | Edition | Trend |

Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.


Mail server in Gattaca Server 2003 1.1.10.0 all

Gattaca | server | Mail |

Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).


Web Wiz Forums 7.7a uses invalid logic to deter

privileges | determine | attackers | invalid | Forums | remote | allows | which | logic | uses | user | Web | Wiz | 77a |

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.


Format string vulnerability in the lire_pop fun

vulnerability | libremail | function | lire_pop | Format | string | popc |

Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response.


Cross-site scripting (XSS) vulnerability in Wir

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference.


SpamAssassin before 3.1.3, when running with vp

SpamAssassin | before |

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.


Unspecified vulnerability in the POP service in

vulnerability | CommuniGate | Unspecified | attackers | service | earlier | Stalker | allows | denial | remote | cause | 51c1 | POP | Pro |

Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox.


SQL injection vulnerability in pop_profile.asp

pop_profileasp | vulnerability | injection | Forums | Snitz | SQL |

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.


The default configuration of the POP server in

configuration | depending | responses | different | usernames | enumerate | attackers | generates | Services | username | default | whether | OpenVMS | remote | allows | TCP/IP | server | valid | which | not | POP |

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.


The default configuration of the POP server in

identification | configuration | attempted | attackers | Services | attempts | username | address | OpenVMS | default | TCP/IP | remote | server | source | might | avoid | which | login | does | help | not | log | POP |

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.


Software vulnerabilities results 1 to 20 of 41     
Page: 123