maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
Max CVSS
7.8
EPSS Score
0.06%
Published
2019-11-11
Updated
2020-08-24
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
Max CVSS
7.5
EPSS Score
89.64%
Published
2005-09-13
Updated
2016-10-18
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
Max CVSS
7.5
EPSS Score
0.18%
Published
2005-06-02
Updated
2008-09-05
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
Max CVSS
7.5
EPSS Score
83.18%
Published
2005-05-26
Updated
2008-09-05
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
7.44%
Published
2005-05-26
Updated
2008-09-05
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
Max CVSS
7.5
EPSS Score
12.08%
Published
2005-05-26
Updated
2008-09-05
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2008-09-10
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!