Search criteria
6 vulnerabilities found for vpopmail by inter7
CVE-2001-0990 (GCVE-0-2001-0990)
Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "vpopmail-insecure-auth-data(7076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"name": "3284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "vpopmail-insecure-auth-data(7076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"name": "3284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.inter7.com/vpopmail/ChangeLog",
"refsource": "MISC",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "vpopmail-insecure-auth-data(7076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"name": "3284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0990",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0091 (GCVE-0-2000-0091)
Vulnerability from cvelistv5 – Published: 2000-04-18 04:00 – Updated: 2024-08-08 05:05
VLAI?
Summary
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inter7.com/vpopmail/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inter7.com/vpopmail/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.inter7.com/vpopmail/ChangeLog",
"refsource": "MISC",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/942"
},
{
"name": "http://www.inter7.com/vpopmail/",
"refsource": "MISC",
"url": "http://www.inter7.com/vpopmail/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0091",
"datePublished": "2000-04-18T04:00:00",
"dateReserved": "2000-02-02T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0990 (GCVE-0-2001-0990)
Vulnerability from nvd – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "vpopmail-insecure-auth-data(7076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"name": "3284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "vpopmail-insecure-auth-data(7076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"name": "3284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.inter7.com/vpopmail/ChangeLog",
"refsource": "MISC",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "vpopmail-insecure-auth-data(7076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"name": "3284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0990",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0091 (GCVE-0-2000-0091)
Vulnerability from nvd – Published: 2000-04-18 04:00 – Updated: 2024-08-08 05:05
VLAI?
Summary
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inter7.com/vpopmail/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inter7.com/vpopmail/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.inter7.com/vpopmail/ChangeLog",
"refsource": "MISC",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"name": "942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/942"
},
{
"name": "http://www.inter7.com/vpopmail/",
"refsource": "MISC",
"url": "http://www.inter7.com/vpopmail/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0091",
"datePublished": "2000-04-18T04:00:00",
"dateReserved": "2000-02-02T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2001-0990
Vulnerability from fkie_nvd - Published: 2001-09-04 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inter7 | vpopmail | 3.4.1 | |
| inter7 | vpopmail | 3.4.2 | |
| inter7 | vpopmail | 3.4.3 | |
| inter7 | vpopmail | 3.4.4 | |
| inter7 | vpopmail | 3.4.5 | |
| inter7 | vpopmail | 3.4.6 | |
| inter7 | vpopmail | 3.4.7 | |
| inter7 | vpopmail | 3.4.8 | |
| inter7 | vpopmail | 3.4.9 | |
| inter7 | vpopmail | 3.4.10 | |
| inter7 | vpopmail | 3.4.11 | |
| inter7 | vpopmail | 3.4.11e | |
| inter7 | vpopmail | 4.5 | |
| inter7 | vpopmail | 4.6 | |
| inter7 | vpopmail | 4.7 | |
| inter7 | vpopmail | 4.8 | |
| inter7 | vpopmail | 4.9 | |
| inter7 | vpopmail | 4.9.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85F4E493-79E9-49EF-9C8B-237F2FC771D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8F2818-965F-45CB-842E-0BE3A9DC3606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FACEBAD4-B602-401B-A798-8BD440D62368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D27D37-97E4-413F-A3B5-33E5CC7DD811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9D8F71-E669-41B9-9686-3C348669710B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F07EA2-D0D6-4CF2-A1E5-87C7FBE77E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48D21401-54EB-49FE-ACA6-CED2E7300D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2078CF-E0F3-4CF2-AC4B-8F1B66C5D36B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D8ABFEF3-019C-46E7-841E-87EF8C6C9DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55281945-8C12-49C5-8B3A-C1247A2F2955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "242098D4-C84A-4741-B651-2C8ABCF631DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:3.4.11e:*:*:*:*:*:*:*",
"matchCriteriaId": "D907D537-B206-40B4-A27B-DEC45CEF0DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4FCDD9-2491-4B90-B70D-2BADFC2CE4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD37D2A-AA5C-4FA7-AB3E-27CA5FC2BB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D547D97-E996-4EE4-872F-1A3A0B28B2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3B56A0D4-31E8-4C3B-97CC-EDFA2EE0A271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C9BDA23C-8B7F-4BFF-AA66-5072AA79CF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:4.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F96550-7AFB-4978-84A2-FE903FB7A922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library."
}
],
"id": "CVE-2001-0990",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3284"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/212036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2000-0091
Vulnerability from fkie_nvd - Published: 2000-01-21 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inter7 | vpopmail | vchkpw_3.4.1 | |
| inter7 | vpopmail | vchkpw_3.4.2 | |
| inter7 | vpopmail | vchkpw_3.4.3 | |
| inter7 | vpopmail | vchkpw_3.4.4 | |
| inter7 | vpopmail | vchkpw_3.4.5 | |
| inter7 | vpopmail | vchkpw_3.4.6 | |
| inter7 | vpopmail | vchkpw_3.4.7 | |
| inter7 | vpopmail | vchkpw_3.4.8 | |
| inter7 | vpopmail | vchkpw_3.4.9 | |
| inter7 | vpopmail | vchkpw_3.4.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE370D9-945E-4DD8-A69C-AED356660732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2935241-381C-4EF6-98EE-582C48899124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBE17B9-F890-4496-9B53-856FBB9F717D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1342F1-BD91-4C43-918E-3701EDD0A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC0A8F8-9244-4D7A-A204-903F53FE29C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16D9ADFA-A94B-49D5-9602-E18E81E0C060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99259D6D-2AD8-4EFE-A12B-A69A319E5970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "82EF0973-3E81-4AE9-A59E-9F18DBEC99F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0615E738-6FE7-48FD-83C9-FAA147EC9702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inter7:vpopmail:vchkpw_3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6C3AE1-A219-48DD-A3E0-526C516A1728",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password."
}
],
"id": "CVE-2000-0091",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-01-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.inter7.com/vpopmail/"
},
{
"source": "cve@mitre.org",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.inter7.com/vpopmail/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.inter7.com/vpopmail/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/942"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}