Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for courier_mta by double_precision_incorporated

    CVE-2006-2659 (GCVE-0-2006-2659)

    Vulnerability from nvd – Published: 2006-05-30 19:00 – Updated: 2024-08-07 17:58
    VLAI
    Summary
    libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200608-06.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/18345 vdb-entryx_refsource_BID
    http://secunia.com/advisories/20548 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20519 third-party-advisoryx_refsource_SECUNIA
    http://www.courier-mta.org/beta/patches/verp-fix/… x_refsource_CONFIRM
    http://secunia.com/advisories/21350 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1101 vendor-advisoryx_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2006/2214 vdb-entryx_refsource_VUPEN
    https://usn.ubuntu.com/294-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/20792 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016248 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:58:51.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"
              },
              {
                "name": "courier-usernames-dos(26998)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998"
              },
              {
                "name": "GLSA-200608-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml"
              },
              {
                "name": "18345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18345"
              },
              {
                "name": "20548",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20548"
              },
              {
                "name": "20519",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20519"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt"
              },
              {
                "name": "21350",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21350"
              },
              {
                "name": "DSA-1101",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1101"
              },
              {
                "name": "ADV-2006-2214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2214"
              },
              {
                "name": "USN-294-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/294-1/"
              },
              {
                "name": "20792",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20792"
              },
              {
                "name": "1016248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"
            },
            {
              "name": "courier-usernames-dos(26998)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998"
            },
            {
              "name": "GLSA-200608-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml"
            },
            {
              "name": "18345",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18345"
            },
            {
              "name": "20548",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20548"
            },
            {
              "name": "20519",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20519"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt"
            },
            {
              "name": "21350",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21350"
            },
            {
              "name": "DSA-1101",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1101"
            },
            {
              "name": "ADV-2006-2214",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2214"
            },
            {
              "name": "USN-294-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/294-1/"
            },
            {
              "name": "20792",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20792"
            },
            {
              "name": "1016248",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"
                },
                {
                  "name": "courier-usernames-dos(26998)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998"
                },
                {
                  "name": "GLSA-200608-06",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml"
                },
                {
                  "name": "18345",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18345"
                },
                {
                  "name": "20548",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20548"
                },
                {
                  "name": "20519",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20519"
                },
                {
                  "name": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt"
                },
                {
                  "name": "21350",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21350"
                },
                {
                  "name": "DSA-1101",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1101"
                },
                {
                  "name": "ADV-2006-2214",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2214"
                },
                {
                  "name": "USN-294-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/294-1/"
                },
                {
                  "name": "20792",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20792"
                },
                {
                  "name": "1016248",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2659",
        "datePublished": "2006-05-30T19:00:00.000Z",
        "dateReserved": "2006-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:58:51.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0224 (GCVE-0-2004-0224)

    Vulnerability from nvd – Published: 2004-03-16 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/11087/ third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/9845 vdb-entryx_refsource_BID
    Date Public
    2004-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=5767"
              },
              {
                "name": "courier-codeset-converter-bo(15434)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15434"
              },
              {
                "name": "11087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11087/"
              },
              {
                "name": "9845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9845"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code \"when Unicode character is out of BMP range.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=5767"
            },
            {
              "name": "courier-codeset-converter-bo(15434)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15434"
            },
            {
              "name": "11087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11087/"
            },
            {
              "name": "9845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9845"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0224",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code \"when Unicode character is out of BMP range.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=5767",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=5767"
                },
                {
                  "name": "courier-codeset-converter-bo(15434)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15434"
                },
                {
                  "name": "11087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11087/"
                },
                {
                  "name": "9845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9845"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0224",
        "datePublished": "2004-03-16T05:00:00.000Z",
        "dateReserved": "2004-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0040 (GCVE-0-2003-0040)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2003/dsa-247 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/6738 vdb-entryx_refsource_BID
    Date Public
    2003-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:34.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2003/dsa-247"
              },
              {
                "name": "courierimap-authmysqllib-sql-injection(11213)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213"
              },
              {
                "name": "6738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6738"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-11-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-247",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2003/dsa-247"
            },
            {
              "name": "courierimap-authmysqllib-sql-injection(11213)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213"
            },
            {
              "name": "6738",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6738"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0040",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-247",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2003/dsa-247"
                },
                {
                  "name": "courierimap-authmysqllib-sql-injection(11213)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213"
                },
                {
                  "name": "6738",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6738"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0040",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:34.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1311 (GCVE-0-2002-1311)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
    VLAI
    Summary
    Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/10643.php vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/6189 vdb-entryx_refsource_BID
    http://www.debian.org/security/2002/dsa-197 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=103794021013436&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:19:28.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "courier-mta-insecure-permissions(10643)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/10643.php"
              },
              {
                "name": "6189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6189"
              },
              {
                "name": "DSA-197",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-197"
              },
              {
                "name": "20021119 GLSA: courier",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=103794021013436\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-10-16T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "courier-mta-insecure-permissions(10643)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/10643.php"
            },
            {
              "name": "6189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6189"
            },
            {
              "name": "DSA-197",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-197"
            },
            {
              "name": "20021119 GLSA: courier",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=103794021013436\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "courier-mta-insecure-permissions(10643)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/10643.php"
                },
                {
                  "name": "6189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6189"
                },
                {
                  "name": "DSA-197",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-197"
                },
                {
                  "name": "20021119 GLSA: courier",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=103794021013436\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1311",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:19:28.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0914 (GCVE-0-2002-0914)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    VLAI
    Summary
    Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9228.php vdb-entryx_refsource_XF
    http://www.osvdb.org/5052 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/4908 vdb-entryx_refsource_BID
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    Date Public
    2002-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:49.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "courier-mta-year-dos(9228)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9228.php"
              },
              {
                "name": "5052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5052"
              },
              {
                "name": "4908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4908"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=93065"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-09-10T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "courier-mta-year-dos(9228)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9228.php"
            },
            {
              "name": "5052",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5052"
            },
            {
              "name": "4908",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4908"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=93065"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0914",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "courier-mta-year-dos(9228)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9228.php"
                },
                {
                  "name": "5052",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5052"
                },
                {
                  "name": "4908",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4908"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=93065",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=93065"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0914",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:49.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2659 (GCVE-0-2006-2659)

    Vulnerability from cvelistv5 – Published: 2006-05-30 19:00 – Updated: 2024-08-07 17:58
    VLAI
    Summary
    libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200608-06.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/18345 vdb-entryx_refsource_BID
    http://secunia.com/advisories/20548 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20519 third-party-advisoryx_refsource_SECUNIA
    http://www.courier-mta.org/beta/patches/verp-fix/… x_refsource_CONFIRM
    http://secunia.com/advisories/21350 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1101 vendor-advisoryx_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2006/2214 vdb-entryx_refsource_VUPEN
    https://usn.ubuntu.com/294-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/20792 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016248 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:58:51.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"
              },
              {
                "name": "courier-usernames-dos(26998)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998"
              },
              {
                "name": "GLSA-200608-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml"
              },
              {
                "name": "18345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18345"
              },
              {
                "name": "20548",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20548"
              },
              {
                "name": "20519",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20519"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt"
              },
              {
                "name": "21350",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21350"
              },
              {
                "name": "DSA-1101",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1101"
              },
              {
                "name": "ADV-2006-2214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2214"
              },
              {
                "name": "USN-294-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/294-1/"
              },
              {
                "name": "20792",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20792"
              },
              {
                "name": "1016248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"
            },
            {
              "name": "courier-usernames-dos(26998)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998"
            },
            {
              "name": "GLSA-200608-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml"
            },
            {
              "name": "18345",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18345"
            },
            {
              "name": "20548",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20548"
            },
            {
              "name": "20519",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20519"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt"
            },
            {
              "name": "21350",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21350"
            },
            {
              "name": "DSA-1101",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1101"
            },
            {
              "name": "ADV-2006-2214",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2214"
            },
            {
              "name": "USN-294-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/294-1/"
            },
            {
              "name": "20792",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20792"
            },
            {
              "name": "1016248",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"
                },
                {
                  "name": "courier-usernames-dos(26998)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998"
                },
                {
                  "name": "GLSA-200608-06",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml"
                },
                {
                  "name": "18345",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18345"
                },
                {
                  "name": "20548",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20548"
                },
                {
                  "name": "20519",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20519"
                },
                {
                  "name": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt"
                },
                {
                  "name": "21350",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21350"
                },
                {
                  "name": "DSA-1101",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1101"
                },
                {
                  "name": "ADV-2006-2214",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2214"
                },
                {
                  "name": "USN-294-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/294-1/"
                },
                {
                  "name": "20792",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20792"
                },
                {
                  "name": "1016248",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2659",
        "datePublished": "2006-05-30T19:00:00.000Z",
        "dateReserved": "2006-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:58:51.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1311 (GCVE-0-2002-1311)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
    VLAI
    Summary
    Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/10643.php vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/6189 vdb-entryx_refsource_BID
    http://www.debian.org/security/2002/dsa-197 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=103794021013436&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:19:28.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "courier-mta-insecure-permissions(10643)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/10643.php"
              },
              {
                "name": "6189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6189"
              },
              {
                "name": "DSA-197",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-197"
              },
              {
                "name": "20021119 GLSA: courier",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=103794021013436\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-10-16T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "courier-mta-insecure-permissions(10643)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/10643.php"
            },
            {
              "name": "6189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6189"
            },
            {
              "name": "DSA-197",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-197"
            },
            {
              "name": "20021119 GLSA: courier",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=103794021013436\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "courier-mta-insecure-permissions(10643)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/10643.php"
                },
                {
                  "name": "6189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6189"
                },
                {
                  "name": "DSA-197",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-197"
                },
                {
                  "name": "20021119 GLSA: courier",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=103794021013436\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1311",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:19:28.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0040 (GCVE-0-2003-0040)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2003/dsa-247 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/6738 vdb-entryx_refsource_BID
    Date Public
    2003-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:34.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-247",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2003/dsa-247"
              },
              {
                "name": "courierimap-authmysqllib-sql-injection(11213)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213"
              },
              {
                "name": "6738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6738"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-11-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-247",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2003/dsa-247"
            },
            {
              "name": "courierimap-authmysqllib-sql-injection(11213)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213"
            },
            {
              "name": "6738",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6738"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0040",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-247",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2003/dsa-247"
                },
                {
                  "name": "courierimap-authmysqllib-sql-injection(11213)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213"
                },
                {
                  "name": "6738",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6738"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0040",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:34.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0224 (GCVE-0-2004-0224)

    Vulnerability from cvelistv5 – Published: 2004-03-16 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/11087/ third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/9845 vdb-entryx_refsource_BID
    Date Public
    2004-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=5767"
              },
              {
                "name": "courier-codeset-converter-bo(15434)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15434"
              },
              {
                "name": "11087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11087/"
              },
              {
                "name": "9845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9845"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code \"when Unicode character is out of BMP range.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=5767"
            },
            {
              "name": "courier-codeset-converter-bo(15434)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15434"
            },
            {
              "name": "11087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11087/"
            },
            {
              "name": "9845",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9845"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0224",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code \"when Unicode character is out of BMP range.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=5767",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=5767"
                },
                {
                  "name": "courier-codeset-converter-bo(15434)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15434"
                },
                {
                  "name": "11087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11087/"
                },
                {
                  "name": "9845",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9845"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0224",
        "datePublished": "2004-03-16T05:00:00.000Z",
        "dateReserved": "2004-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0914 (GCVE-0-2002-0914)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
    VLAI
    Summary
    Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9228.php vdb-entryx_refsource_XF
    http://www.osvdb.org/5052 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/4908 vdb-entryx_refsource_BID
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    Date Public
    2002-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:03:49.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "courier-mta-year-dos(9228)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9228.php"
              },
              {
                "name": "5052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5052"
              },
              {
                "name": "4908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4908"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=93065"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-09-10T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "courier-mta-year-dos(9228)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9228.php"
            },
            {
              "name": "5052",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5052"
            },
            {
              "name": "4908",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4908"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=93065"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0914",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "courier-mta-year-dos(9228)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9228.php"
                },
                {
                  "name": "5052",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5052"
                },
                {
                  "name": "4908",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4908"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=93065",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=93065"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0914",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:03:49.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }