libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
Max CVSS
7.8
EPSS Score
8.57%
Published
2006-05-30
Updated
2018-10-03
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
Max CVSS
7.5
EPSS Score
2.13%
Published
2004-04-15
Updated
2017-07-11
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
Max CVSS
7.5
EPSS Score
0.26%
Published
2003-02-19
Updated
2017-10-10
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-11-29
Updated
2016-10-18
Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
Max CVSS
5.0
EPSS Score
0.82%
Published
2002-10-04
Updated
2008-09-05
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!