exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 430 RSS Feed

IMAP Files

Dovecot IMAP Server 2.2 Improper Access Control
Posted Jul 7, 2022
Authored by Julian Brook

Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication.

tags | advisory, imap
advisories | CVE-2022-30550
SHA-256 | c9c1a6dcc53febbada1b722a950a737522f4c2987b34eb7b27226ddd2a58c66b
Red Hat Security Advisory 2022-1950-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1950-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2021-33515
SHA-256 | c96d5111f5070a5af8936a5b285732d58b1ba5c094025f86d272acb9af844c39
Hydra Network Logon Cracker 9.3
Posted Feb 3, 2022
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added support for Xcode compilation and new module cobaltstrike. Fixed ssh to support -M or ip/rangeix, rdp to detect empty passwords, http-form to no send empty headers, http on non-default ports when using with a proxy for vnc/cisco/, support IPv6 addresses in -M, and more.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 3977221a7eb176cd100298c6d47939999a920a628868ae1aceed408a21e04013
Red Hat Security Advisory 2021-4181-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4181-03 - Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Issues addressed include a memory leak vulnerability.

tags | advisory, imap, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-28896, CVE-2021-3181
SHA-256 | f637abbe05b01eb8ecdc9dab201e7c132c21c24013b36468c1d62133ed476d79
Red Hat Security Advisory 2021-3546-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3546-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, imap, protocol
systems | linux, redhat
advisories | CVE-2021-33582
SHA-256 | f906598321e1f6eb52920261111c9632db38f848be1dac81ce1c97c946db901b
Red Hat Security Advisory 2021-3492-01
Posted Sep 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3492-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, imap, protocol
systems | linux, redhat
advisories | CVE-2021-33582
SHA-256 | 43f8d9b01207dfa0d24b4cf764fa6d29dbe280a0e6ebb6265c1f1fdee7b31282
Red Hat Security Advisory 2021-3493-01
Posted Sep 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3493-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, imap, protocol
systems | linux, redhat
advisories | CVE-2021-33582
SHA-256 | df5df5a67956e4c3f6b317fc69d22d4f177a767e0113d518d0c06f4225ab743d
Ubuntu Security Notice USN-5058-1
Posted Aug 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5058-1 - It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, imap
systems | linux, ubuntu
advisories | CVE-2021-29969, CVE-2021-29984, CVE-2021-29985, CVE-2021-29989, CVE-2021-30547
SHA-256 | d439dc830ff759d365c01af29919212afc94c2f9e8414adca8c017e63f81126f
Red Hat Security Advisory 2021-1887-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1887-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2020-24386, CVE-2020-25275
SHA-256 | 045796f3b8418b5d1ac6859ee2713ae9bc1a6fe4c33f84ee2b09f1874015aaf9
Hydra Network Logon Cracker 9.2
Posted Mar 15, 2021
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Fix for http-post-form optional parameters. Enabled gcc 10 support for xhydra. IPv6 support for Host: header for http based modules. Various other updates.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 1a28f064763f9144f8ec574416a56ef51c0ab1ae2276e35a89ceed4f594ec5d2
Dovecot 2.3.11.3 Access Bypass
Posted Jan 7, 2021
Authored by Aki Tuomi

Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.

tags | advisory, imap, bypass
advisories | CVE-2020-24386
SHA-256 | 5e5468067fc35516788b52ac2a4e75207c4c6d4b1f0ea93176e970b293daf7d6
Ubuntu Security Notice USN-4674-1
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, imap
systems | linux, ubuntu
advisories | CVE-2020-24386, CVE-2020-25275
SHA-256 | a6fb24566e34ca33892166efc08d56441a09b26e354fd4b998d65c1ffc7d4c66
Red Hat Security Advisory 2020-4763-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4763-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, imap
systems | linux, redhat, unix
advisories | CVE-2020-10958, CVE-2020-10967
SHA-256 | 95023ee6ccfb4930ceec503cc37701c443c932cfb1c4e11e4b4e377d760694ea
Red Hat Security Advisory 2020-4655-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4655-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability, imap
systems | linux, redhat
advisories | CVE-2019-18928, CVE-2019-19783
SHA-256 | 351b1e471e4038244a22555e9ae5e3516d9d76c701f6e5c112212a28d3c5a7d5
Ubuntu Security Notice USN-4598-1
Posted Oct 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.

tags | advisory, remote, imap
systems | linux, ubuntu
advisories | CVE-2020-15953
SHA-256 | d19bb3d7c5778cad2232b0d3f1d4767258f76d7dff5b87c5147ddaeec6110b97
Ubuntu Security Notice USN-4566-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, arbitrary, local, imap
systems | linux, ubuntu
advisories | CVE-2019-11356, CVE-2019-19783
SHA-256 | b29e714d866e6ec6075866950847cbd51cb8d46269dd8a4d6182d91d2d346043
Red Hat Security Advisory 2020-3736-01
Posted Sep 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3736-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
SHA-256 | f2f761dd7dde49bfd4aa597adb004d01505647c371efea19e6e4504615a4b0aa
Red Hat Security Advisory 2020-3735-01
Posted Sep 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3735-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
SHA-256 | dd5369db54a4b97a48e0ec79ac558ed78b8cc59d447c2e0929f168ab5654f573
Red Hat Security Advisory 2020-3713-01
Posted Sep 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3713-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
SHA-256 | fb59fad9d07e625d5f38b44bf743d2a63224244c690ddb5fc7e29a99b4d2b051
Red Hat Security Advisory 2020-3617-01
Posted Sep 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3617-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
SHA-256 | 3e7cf4227b43d701bce0f2c45f34690a4bc28657983ceb7b548761524b3dd143
Hydra Network Logon Cracker 9.1
Posted Jul 29, 2020
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Enabled gcc 10 support for xhydra. Fixed crash in MD5 auth for rtsp. New module for smb2 which also supports smb3. Various other updates.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | ce08a5148c0ae5ff4b0a4af2f7f15c5946bc939a57eae1bbb6dda19f34410273
Red Hat Security Advisory 2020-2901-01
Posted Jul 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2901-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2020-10957
SHA-256 | 5388b840d07a416917d8e654fc7d471e63221776509c441b201c96ca12a3a5ef
Ubuntu Security Notice USN-4421-1
Posted Jul 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4421-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, imap
systems | linux, ubuntu
advisories | CVE-2020-12398, CVE-2020-12399, CVE-2020-12406, CVE-2020-12410, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
SHA-256 | e29ba156301d1adef5ee70accc941815f87182af2911cd015ba0d303ce8a38ff
Gentoo Linux Security Advisory 202006-23
Posted Jun 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-23 - An error in Cyrus IMAP Server allows mailboxes to be created with administrative privileges. Versions less than 3.0.13 are affected.

tags | advisory, imap
systems | linux, gentoo
advisories | CVE-2019-19783
SHA-256 | 1e7bbbfed2c2de886311d93aac435e0c81676a96a5713624632764df5154c6ff
Red Hat Security Advisory 2020-1062-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1062-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, imap
systems | linux, redhat, unix
advisories | CVE-2019-3814, CVE-2019-7524
SHA-256 | 1517dbf1863f00fb4691f1e13a0cdc1507d4badbd0e6e5642066299d6a0fc9c0
Page 1 of 18
Back12345Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close