Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
70 vulnerabilities by university_of_washington
CVE-2008-5514 (GCVE-0-2008-5514)
Vulnerability from nvd – Published: 2008-12-23 18:13 – Updated: 2024-08-07 10:56
VLAI
Summary
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.washington.edu/imap/documentation/RELN… | x_refsource_CONFIRM |
| http://secunia.com/advisories/33275 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/32958 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/33638 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1021485 | vdb-entryx_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=477227 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/3490 | vdb-entryx_refsource_VUPEN |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2008-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.washington.edu/imap/documentation/RELNOTES.html"
},
{
"name": "33275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33275"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32958"
},
{
"name": "33638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33638"
},
{
"name": "uwimapd-rfc822outputchar-dos(47526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"
},
{
"name": "1021485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021485"
},
{
"name": "FEDORA-2009-0371",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"
},
{
"name": "ADV-2008-3490",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3490"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.washington.edu/imap/documentation/RELNOTES.html"
},
{
"name": "33275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33275"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32958"
},
{
"name": "33638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33638"
},
{
"name": "uwimapd-rfc822outputchar-dos(47526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"
},
{
"name": "1021485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021485"
},
{
"name": "FEDORA-2009-0371",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"
},
{
"name": "ADV-2008-3490",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3490"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-5514",
"datePublished": "2008-12-23T18:13:00.000Z",
"dateReserved": "2008-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:47.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5006 (GCVE-0-2008-5006)
Vulnerability from nvd – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:40
VLAI
Summary
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/11/03/5 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2008/dsa-1685 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32280 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/33142 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2008-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "imap-toolkit-smtp-dos(46604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"
},
{
"name": "32280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32280"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "imap-toolkit-smtp-dos(46604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"
},
{
"name": "32280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32280"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "DSA-1685",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "imap-toolkit-smtp-dos(46604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"
},
{
"name": "32280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32280"
},
{
"name": "33142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33142"
},
{
"name": "MDVSA-2009:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5006",
"datePublished": "2008-11-10T11:00:00.000Z",
"dateReserved": "2008-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:16.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5005 (GCVE-0-2008-5005)
Vulnerability from nvd – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:40
VLAI
Summary
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
28 references
Date Public
2008-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10485",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://panda.com/imap/"
},
{
"name": "[oss-security] 20081103 CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
},
{
"name": "FEDORA-2008-9396",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.washington.edu/alpine/tmailbug.html"
},
{
"name": "4570",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4570"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "32483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32483"
},
{
"name": "32072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32072"
},
{
"name": "uwimapd-tmail-bo(46281)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "FEDORA-2008-9383",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
},
{
"name": "RHSA-2009:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
},
{
"name": "33996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33996"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
},
{
"name": "32512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32512"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
},
{
"name": "ADV-2008-3042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3042"
},
{
"name": "1021131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10485",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://panda.com/imap/"
},
{
"name": "[oss-security] 20081103 CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
},
{
"name": "FEDORA-2008-9396",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.washington.edu/alpine/tmailbug.html"
},
{
"name": "4570",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4570"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "32483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32483"
},
{
"name": "32072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32072"
},
{
"name": "uwimapd-tmail-bo(46281)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "FEDORA-2008-9383",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
},
{
"name": "RHSA-2009:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
},
{
"name": "33996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33996"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
},
{
"name": "32512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32512"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
},
{
"name": "ADV-2008-3042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3042"
},
{
"name": "1021131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10485",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
},
{
"name": "http://panda.com/imap/",
"refsource": "CONFIRM",
"url": "http://panda.com/imap/"
},
{
"name": "[oss-security] 20081103 CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
},
{
"name": "FEDORA-2008-9396",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
},
{
"name": "http://www.bitsec.com/en/rad/bsa-081103.txt",
"refsource": "MISC",
"url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
},
{
"name": "http://www.bitsec.com/en/rad/bsa-081103.c",
"refsource": "MISC",
"url": "http://www.bitsec.com/en/rad/bsa-081103.c"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "http://www.washington.edu/alpine/tmailbug.html",
"refsource": "MISC",
"url": "http://www.washington.edu/alpine/tmailbug.html"
},
{
"name": "4570",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4570"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"refsource": "MLIST",
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
},
{
"name": "DSA-1685",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "32483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32483"
},
{
"name": "32072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32072"
},
{
"name": "uwimapd-tmail-bo(46281)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
},
{
"name": "33142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33142"
},
{
"name": "FEDORA-2008-9383",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=469667",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
},
{
"name": "RHSA-2009:0275",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"refsource": "MLIST",
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
},
{
"name": "33996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33996"
},
{
"name": "MDVSA-2009:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
},
{
"name": "32512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32512"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
},
{
"name": "ADV-2008-3042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3042"
},
{
"name": "1021131",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5005",
"datePublished": "2008-11-10T11:00:00.000Z",
"dateReserved": "2008-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:16.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1392 (GCVE-0-2006-1392)
Vulnerability from nvd – Published: 2006-03-26 23:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/24521 | vdb-entryx_refsource_OSVDB |
| http://pubcookie.org/news/20060306-login-secadv.html | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/337585 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/17221 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/19348 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:21.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pubcookie-login-server-xss(25427)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25427"
},
{
"name": "24521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pubcookie.org/news/20060306-login-secadv.html"
},
{
"name": "VU#337585",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/337585"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pubcookie-login-server-xss(25427)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25427"
},
{
"name": "24521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pubcookie.org/news/20060306-login-secadv.html"
},
{
"name": "VU#337585",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/337585"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pubcookie-login-server-xss(25427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25427"
},
{
"name": "24521",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24521"
},
{
"name": "http://pubcookie.org/news/20060306-login-secadv.html",
"refsource": "CONFIRM",
"url": "http://pubcookie.org/news/20060306-login-secadv.html"
},
{
"name": "VU#337585",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/337585"
},
{
"name": "17221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "19348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1392",
"datePublished": "2006-03-26T23:00:00.000Z",
"dateReserved": "2006-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:21.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1393 (GCVE-0-2006-1393)
Vulnerability from nvd – Published: 2006-03-26 23:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://pubcookie.org/news/20060306-apps-secadv.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/24103 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/17221 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/314540 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/19348 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:21.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "pubcookie-appserver-module-xss(25426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25426"
},
{
"name": "24103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24103"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "pubcookie-appserver-module-xss(25426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25426"
},
{
"name": "24103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24103"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pubcookie.org/news/20060306-apps-secadv.html",
"refsource": "CONFIRM",
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "pubcookie-appserver-module-xss(25426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25426"
},
{
"name": "24103",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24103"
},
{
"name": "17221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1393",
"datePublished": "2006-03-26T23:00:00.000Z",
"dateReserved": "2006-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:21.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1394 (GCVE-0-2006-1394)
Vulnerability from nvd – Published: 2006-03-26 23:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://pubcookie.org/news/20060306-apps-secadv.html | x_refsource_CONFIRM |
| http://www.osvdb.org/24520 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/17221 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/314540 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/19348 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "24520",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24520"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "24520",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24520"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pubcookie.org/news/20060306-apps-secadv.html",
"refsource": "CONFIRM",
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "24520",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24520"
},
{
"name": "17221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1394",
"datePublished": "2006-03-26T23:00:00.000Z",
"dateReserved": "2006-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:20.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2933 (GCVE-0-2005-2933)
Vulnerability from nvd – Published: 2005-10-13 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
44 references
Date Public
2005-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2005:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:194"
},
{
"name": "RHSA-2005:850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-850.html"
},
{
"name": "17950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17950"
},
{
"name": "21252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21252"
},
{
"name": "17276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17276"
},
{
"name": "17148",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17148"
},
{
"name": "20222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "18554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18554"
},
{
"name": "47",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/47"
},
{
"name": "17152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17152"
},
{
"name": "RHSA-2006:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "DSA-861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-861"
},
{
"name": "20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html"
},
{
"name": "17062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17062/"
},
{
"name": "oval:org.mitre.oval:def:9858",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858"
},
{
"name": "20051201-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "15009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.washington.edu/imap/"
},
{
"name": "RHSA-2006:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "RHSA-2005:848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-848.html"
},
{
"name": "RHSA-2006:0549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20951"
},
{
"name": "20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=313\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "uw-imap-mailbox-name-bo(22518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22518"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "FLSA:170411",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430296/100/0/threaded"
},
{
"name": "19832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17930",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17930"
},
{
"name": "1015000",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015000"
},
{
"name": "VU#933601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/933601"
},
{
"name": "GLSA-200510-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml"
},
{
"name": "SSA:2005-310-06",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.500161"
},
{
"name": "21564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21564"
},
{
"name": "FLSA:184098",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430303/100/0/threaded"
},
{
"name": "MDKSA-2005:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:189"
},
{
"name": "17928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17928"
},
{
"name": "17336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17336"
},
{
"name": "ADV-2006-2685",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "17215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17215"
},
{
"name": "SUSE-SR:2005:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington\u0027s IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (\") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2005:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:194"
},
{
"name": "RHSA-2005:850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-850.html"
},
{
"name": "17950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17950"
},
{
"name": "21252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21252"
},
{
"name": "17276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17276"
},
{
"name": "17148",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17148"
},
{
"name": "20222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "18554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18554"
},
{
"name": "47",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/47"
},
{
"name": "17152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17152"
},
{
"name": "RHSA-2006:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "DSA-861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-861"
},
{
"name": "20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html"
},
{
"name": "17062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17062/"
},
{
"name": "oval:org.mitre.oval:def:9858",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858"
},
{
"name": "20051201-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "15009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.washington.edu/imap/"
},
{
"name": "RHSA-2006:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "RHSA-2005:848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-848.html"
},
{
"name": "RHSA-2006:0549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20951"
},
{
"name": "20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=313\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "uw-imap-mailbox-name-bo(22518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22518"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "FLSA:170411",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430296/100/0/threaded"
},
{
"name": "19832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17930",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17930"
},
{
"name": "1015000",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015000"
},
{
"name": "VU#933601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/933601"
},
{
"name": "GLSA-200510-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml"
},
{
"name": "SSA:2005-310-06",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.500161"
},
{
"name": "21564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21564"
},
{
"name": "FLSA:184098",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430303/100/0/threaded"
},
{
"name": "MDKSA-2005:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:189"
},
{
"name": "17928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17928"
},
{
"name": "17336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17336"
},
{
"name": "ADV-2006-2685",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "17215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17215"
},
{
"name": "SUSE-SR:2005:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington\u0027s IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (\") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2005:194",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:194"
},
{
"name": "RHSA-2005:850",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-850.html"
},
{
"name": "17950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17950"
},
{
"name": "21252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21252"
},
{
"name": "17276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17276"
},
{
"name": "17148",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17148"
},
{
"name": "20222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "18554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18554"
},
{
"name": "47",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/47"
},
{
"name": "17152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17152"
},
{
"name": "RHSA-2006:0276",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "DSA-861",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-861"
},
{
"name": "20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html"
},
{
"name": "17062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17062/"
},
{
"name": "oval:org.mitre.oval:def:9858",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858"
},
{
"name": "20051201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "15009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15009"
},
{
"name": "http://www.washington.edu/imap/",
"refsource": "CONFIRM",
"url": "http://www.washington.edu/imap/"
},
{
"name": "RHSA-2006:0501",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "RHSA-2005:848",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-848.html"
},
{
"name": "RHSA-2006:0549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20951"
},
{
"name": "20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=313\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "uw-imap-mailbox-name-bo(22518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22518"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "FLSA:170411",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430296/100/0/threaded"
},
{
"name": "19832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17930"
},
{
"name": "1015000",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015000"
},
{
"name": "VU#933601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/933601"
},
{
"name": "GLSA-200510-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml"
},
{
"name": "SSA:2005-310-06",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.500161"
},
{
"name": "21564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21564"
},
{
"name": "FLSA:184098",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430303/100/0/threaded"
},
{
"name": "MDKSA-2005:189",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:189"
},
{
"name": "17928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17928"
},
{
"name": "17336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17336"
},
{
"name": "ADV-2006-2685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "17215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17215"
},
{
"name": "SUSE-SR:2005:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2933",
"datePublished": "2005-10-13T04:00:00.000Z",
"dateReserved": "2005-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0198 (GCVE-0-2005-0198)
Vulnerability from nvd – Published: 2005-02-06 05:00 – Updated: 2024-08-07 21:05
VLAI
Summary
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.kb.cert.org/vuls/id/CRDY-68QSL5 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2005-128.html | vendor-advisoryx_refsource_REDHAT |
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| http://secunia.com/advisories/14097 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1013037 | vdb-entryx_refsource_SECTRACK |
| http://www.kb.cert.org/vuls/id/702777 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/14057 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/12391 | vdb-entryx_refsource_BID |
Date Public
2005-01-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11306",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11306",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11306",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"name": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0198",
"datePublished": "2005-02-06T05:00:00.000Z",
"dateReserved": "2005-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:05:25.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1066 (GCVE-0-2005-1066)
Vulnerability from nvd – Published: 2005-04-12 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://msgs.securepoint.com/cgi-bin/get/bugtraq05… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/14899 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/15456 | vdb-entryx_refsource_OSVDB |
Date Public
2005-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050411 rpdump TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html"
},
{
"name": "14899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14899"
},
{
"name": "15456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050411 rpdump TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html"
},
{
"name": "14899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14899"
},
{
"name": "15456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050411 rpdump TOCTOU file-permissions vulnerability",
"refsource": "BUGTRAQ",
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html"
},
{
"name": "14899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14899"
},
{
"name": "15456",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1066",
"datePublished": "2005-04-12T04:00:00.000Z",
"dateReserved": "2005-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0721 (GCVE-0-2003-0721)
Vulnerability from nvd – Published: 2003-09-12 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2003-274.html | vendor-advisoryx_refsource_REDHAT |
| http://marc.info/?l=bugtraq&m=106329356702508&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=106367213400313&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2003-273.html | vendor-advisoryx_refsource_REDHAT |
| http://www.idefense.com/advisory/09.10.03.txt | third-party-advisoryx_refsource_IDEFENSE |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2003-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "20030915 remote Pine \u003c= 4.56 exploit fully automatic",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106367213400313\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "20030910 Two Exploitable Overflows in PINE",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030911 Pine: .procmailrc rule against integer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html"
},
{
"name": "oval:org.mitre.oval:def:503",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "20030915 remote Pine \u003c= 4.56 exploit fully automatic",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106367213400313\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "20030910 Two Exploitable Overflows in PINE",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030911 Pine: .procmailrc rule against integer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html"
},
{
"name": "oval:org.mitre.oval:def:503",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:274",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "20030915 remote Pine \u003c= 4.56 exploit fully automatic",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106367213400313\u0026w=2"
},
{
"name": "RHSA-2003:273",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "20030910 Two Exploitable Overflows in PINE",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030911 Pine: .procmailrc rule against integer overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html"
},
{
"name": "oval:org.mitre.oval:def:503",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0721",
"datePublished": "2003-09-12T04:00:00.000Z",
"dateReserved": "2003-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0720 (GCVE-0-2003-0720)
Vulnerability from nvd – Published: 2003-09-12 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2003-274.html | vendor-advisoryx_refsource_REDHAT |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| http://marc.info/?l=bugtraq&m=106329356702508&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2003-273.html | vendor-advisoryx_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.idefense.com/advisory/09.10.03.txt | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=106322571805153&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "oval:org.mitre.oval:def:499",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322571805153\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "oval:org.mitre.oval:def:499",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322571805153\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:274",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "RHSA-2003:273",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "oval:org.mitre.oval:def:499",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499"
},
{
"name": "http://www.idefense.com/advisory/09.10.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106322571805153\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0720",
"datePublished": "2003-09-12T04:00:00.000Z",
"dateReserved": "2003-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0300 (GCVE-0-2003-0300)
Vulnerability from nvd – Published: 2003-05-15 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0300",
"datePublished": "2003-05-15T04:00:00.000Z",
"dateReserved": "2003-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:47.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0297 (GCVE-0-2003-0297)
Vulnerability from nvd – Published: 2003-05-15 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/430302/100… | vendor-advisoryx_refsource_FEDORA |
| http://www.redhat.com/support/errata/RHSA-2005-114.html | vendor-advisoryx_refsource_REDHAT |
| http://www.redhat.com/support/errata/RHSA-2005-015.html | vendor-advisoryx_refsource_REDHAT |
| http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA:184074",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430302/100/0/threaded"
},
{
"name": "RHSA-2005:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-114.html"
},
{
"name": "RHSA-2005:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-015.html"
},
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FLSA:184074",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430302/100/0/threaded"
},
{
"name": "RHSA-2005:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-114.html"
},
{
"name": "RHSA-2005:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-015.html"
},
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FLSA:184074",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430302/100/0/threaded"
},
{
"name": "RHSA-2005:114",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-114.html"
},
{
"name": "RHSA-2005:015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-015.html"
},
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0297",
"datePublished": "2003-05-15T04:00:00.000Z",
"dateReserved": "2003-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:47.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5514 (GCVE-0-2008-5514)
Vulnerability from cvelistv5 – Published: 2008-12-23 18:13 – Updated: 2024-08-07 10:56
VLAI
Summary
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.washington.edu/imap/documentation/RELN… | x_refsource_CONFIRM |
| http://secunia.com/advisories/33275 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/32958 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/33638 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1021485 | vdb-entryx_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=477227 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/3490 | vdb-entryx_refsource_VUPEN |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2008-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.washington.edu/imap/documentation/RELNOTES.html"
},
{
"name": "33275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33275"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32958"
},
{
"name": "33638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33638"
},
{
"name": "uwimapd-rfc822outputchar-dos(47526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"
},
{
"name": "1021485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021485"
},
{
"name": "FEDORA-2009-0371",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"
},
{
"name": "ADV-2008-3490",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3490"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.washington.edu/imap/documentation/RELNOTES.html"
},
{
"name": "33275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33275"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32958"
},
{
"name": "33638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33638"
},
{
"name": "uwimapd-rfc822outputchar-dos(47526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"
},
{
"name": "1021485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021485"
},
{
"name": "FEDORA-2009-0371",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"
},
{
"name": "ADV-2008-3490",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3490"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-5514",
"datePublished": "2008-12-23T18:13:00.000Z",
"dateReserved": "2008-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:47.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5005 (GCVE-0-2008-5005)
Vulnerability from cvelistv5 – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:40
VLAI
Summary
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
28 references
Date Public
2008-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10485",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://panda.com/imap/"
},
{
"name": "[oss-security] 20081103 CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
},
{
"name": "FEDORA-2008-9396",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.washington.edu/alpine/tmailbug.html"
},
{
"name": "4570",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4570"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "32483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32483"
},
{
"name": "32072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32072"
},
{
"name": "uwimapd-tmail-bo(46281)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "FEDORA-2008-9383",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
},
{
"name": "RHSA-2009:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
},
{
"name": "33996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33996"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
},
{
"name": "32512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32512"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
},
{
"name": "ADV-2008-3042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3042"
},
{
"name": "1021131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10485",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://panda.com/imap/"
},
{
"name": "[oss-security] 20081103 CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
},
{
"name": "FEDORA-2008-9396",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bitsec.com/en/rad/bsa-081103.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.washington.edu/alpine/tmailbug.html"
},
{
"name": "4570",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4570"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "32483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32483"
},
{
"name": "32072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32072"
},
{
"name": "uwimapd-tmail-bo(46281)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "FEDORA-2008-9383",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
},
{
"name": "RHSA-2009:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
},
{
"name": "33996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33996"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
},
{
"name": "32512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32512"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
},
{
"name": "ADV-2008-3042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3042"
},
{
"name": "1021131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10485",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
},
{
"name": "http://panda.com/imap/",
"refsource": "CONFIRM",
"url": "http://panda.com/imap/"
},
{
"name": "[oss-security] 20081103 CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
},
{
"name": "FEDORA-2008-9396",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
},
{
"name": "http://www.bitsec.com/en/rad/bsa-081103.txt",
"refsource": "MISC",
"url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
},
{
"name": "http://www.bitsec.com/en/rad/bsa-081103.c",
"refsource": "MISC",
"url": "http://www.bitsec.com/en/rad/bsa-081103.c"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "http://www.washington.edu/alpine/tmailbug.html",
"refsource": "MISC",
"url": "http://www.washington.edu/alpine/tmailbug.html"
},
{
"name": "4570",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4570"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"refsource": "MLIST",
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
},
{
"name": "DSA-1685",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "32483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32483"
},
{
"name": "32072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32072"
},
{
"name": "uwimapd-tmail-bo(46281)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
},
{
"name": "33142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33142"
},
{
"name": "FEDORA-2008-9383",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=469667",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
},
{
"name": "RHSA-2009:0275",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
},
{
"name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
},
{
"name": "[imap-uw] 20081031 Security bug in tmail and dmail",
"refsource": "MLIST",
"url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
},
{
"name": "33996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33996"
},
{
"name": "MDVSA-2009:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
},
{
"name": "32512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32512"
},
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
},
{
"name": "ADV-2008-3042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3042"
},
{
"name": "1021131",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5005",
"datePublished": "2008-11-10T11:00:00.000Z",
"dateReserved": "2008-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:16.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5006 (GCVE-0-2008-5006)
Vulnerability from cvelistv5 – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:40
VLAI
Summary
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/11/03/5 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2008/dsa-1685 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32280 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/33142 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2008-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "imap-toolkit-smtp-dos(46604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"
},
{
"name": "32280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32280"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "DSA-1685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "imap-toolkit-smtp-dos(46604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"
},
{
"name": "32280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32280"
},
{
"name": "33142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33142"
},
{
"name": "MDVSA-2009:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081103 Re: CVE request - uw-imap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
},
{
"name": "DSA-1685",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1685"
},
{
"name": "imap-toolkit-smtp-dos(46604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"
},
{
"name": "32280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32280"
},
{
"name": "33142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33142"
},
{
"name": "MDVSA-2009:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5006",
"datePublished": "2008-11-10T11:00:00.000Z",
"dateReserved": "2008-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:40:16.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2325 (GCVE-0-2002-2325)
Vulnerability from cvelistv5 – Published: 2007-10-26 19:00 – Updated: 2024-09-16 17:58
VLAI
Summary
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/9668.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/archive/1/284086 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/5301 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pine-blank-boundary-dos(9668)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9668.php"
},
{
"name": "20020724 Denial of Service bug in Pine 4.44",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/284086"
},
{
"name": "5301",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pine-blank-boundary-dos(9668)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9668.php"
},
{
"name": "20020724 Denial of Service bug in Pine 4.44",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/284086"
},
{
"name": "5301",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pine-blank-boundary-dos(9668)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9668.php"
},
{
"name": "20020724 Denial of Service bug in Pine 4.44",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/284086"
},
{
"name": "5301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2325",
"datePublished": "2007-10-26T19:00:00.000Z",
"dateReserved": "2007-10-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:58:57.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1392 (GCVE-0-2006-1392)
Vulnerability from cvelistv5 – Published: 2006-03-26 23:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/24521 | vdb-entryx_refsource_OSVDB |
| http://pubcookie.org/news/20060306-login-secadv.html | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/337585 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/17221 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/19348 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:21.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pubcookie-login-server-xss(25427)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25427"
},
{
"name": "24521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pubcookie.org/news/20060306-login-secadv.html"
},
{
"name": "VU#337585",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/337585"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pubcookie-login-server-xss(25427)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25427"
},
{
"name": "24521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pubcookie.org/news/20060306-login-secadv.html"
},
{
"name": "VU#337585",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/337585"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pubcookie-login-server-xss(25427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25427"
},
{
"name": "24521",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24521"
},
{
"name": "http://pubcookie.org/news/20060306-login-secadv.html",
"refsource": "CONFIRM",
"url": "http://pubcookie.org/news/20060306-login-secadv.html"
},
{
"name": "VU#337585",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/337585"
},
{
"name": "17221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "19348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1392",
"datePublished": "2006-03-26T23:00:00.000Z",
"dateReserved": "2006-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:21.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1393 (GCVE-0-2006-1393)
Vulnerability from cvelistv5 – Published: 2006-03-26 23:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://pubcookie.org/news/20060306-apps-secadv.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/24103 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/17221 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/314540 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/19348 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:21.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "pubcookie-appserver-module-xss(25426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25426"
},
{
"name": "24103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24103"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "pubcookie-appserver-module-xss(25426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25426"
},
{
"name": "24103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24103"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pubcookie.org/news/20060306-apps-secadv.html",
"refsource": "CONFIRM",
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "pubcookie-appserver-module-xss(25426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25426"
},
{
"name": "24103",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24103"
},
{
"name": "17221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1393",
"datePublished": "2006-03-26T23:00:00.000Z",
"dateReserved": "2006-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:21.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1394 (GCVE-0-2006-1394)
Vulnerability from cvelistv5 – Published: 2006-03-26 23:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://pubcookie.org/news/20060306-apps-secadv.html | x_refsource_CONFIRM |
| http://www.osvdb.org/24520 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/17221 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/314540 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/19348 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "24520",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24520"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "24520",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24520"
},
{
"name": "17221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pubcookie.org/news/20060306-apps-secadv.html",
"refsource": "CONFIRM",
"url": "http://pubcookie.org/news/20060306-apps-secadv.html"
},
{
"name": "24520",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24520"
},
{
"name": "17221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17221"
},
{
"name": "VU#314540",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/314540"
},
{
"name": "19348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1394",
"datePublished": "2006-03-26T23:00:00.000Z",
"dateReserved": "2006-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:20.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2933 (GCVE-0-2005-2933)
Vulnerability from cvelistv5 – Published: 2005-10-13 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
44 references
Date Public
2005-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2005:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:194"
},
{
"name": "RHSA-2005:850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-850.html"
},
{
"name": "17950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17950"
},
{
"name": "21252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21252"
},
{
"name": "17276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17276"
},
{
"name": "17148",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17148"
},
{
"name": "20222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "18554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18554"
},
{
"name": "47",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/47"
},
{
"name": "17152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17152"
},
{
"name": "RHSA-2006:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "DSA-861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-861"
},
{
"name": "20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html"
},
{
"name": "17062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17062/"
},
{
"name": "oval:org.mitre.oval:def:9858",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858"
},
{
"name": "20051201-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "15009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.washington.edu/imap/"
},
{
"name": "RHSA-2006:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "RHSA-2005:848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-848.html"
},
{
"name": "RHSA-2006:0549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20951"
},
{
"name": "20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=313\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "uw-imap-mailbox-name-bo(22518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22518"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "FLSA:170411",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430296/100/0/threaded"
},
{
"name": "19832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17930",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17930"
},
{
"name": "1015000",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015000"
},
{
"name": "VU#933601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/933601"
},
{
"name": "GLSA-200510-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml"
},
{
"name": "SSA:2005-310-06",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.500161"
},
{
"name": "21564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21564"
},
{
"name": "FLSA:184098",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430303/100/0/threaded"
},
{
"name": "MDKSA-2005:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:189"
},
{
"name": "17928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17928"
},
{
"name": "17336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17336"
},
{
"name": "ADV-2006-2685",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "17215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17215"
},
{
"name": "SUSE-SR:2005:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington\u0027s IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (\") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2005:194",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:194"
},
{
"name": "RHSA-2005:850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-850.html"
},
{
"name": "17950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17950"
},
{
"name": "21252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21252"
},
{
"name": "17276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17276"
},
{
"name": "17148",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17148"
},
{
"name": "20222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "18554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18554"
},
{
"name": "47",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/47"
},
{
"name": "17152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17152"
},
{
"name": "RHSA-2006:0276",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "DSA-861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-861"
},
{
"name": "20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html"
},
{
"name": "17062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17062/"
},
{
"name": "oval:org.mitre.oval:def:9858",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858"
},
{
"name": "20051201-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "15009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.washington.edu/imap/"
},
{
"name": "RHSA-2006:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "RHSA-2005:848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-848.html"
},
{
"name": "RHSA-2006:0549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20951"
},
{
"name": "20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=313\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "uw-imap-mailbox-name-bo(22518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22518"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "FLSA:170411",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430296/100/0/threaded"
},
{
"name": "19832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17930",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17930"
},
{
"name": "1015000",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015000"
},
{
"name": "VU#933601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/933601"
},
{
"name": "GLSA-200510-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml"
},
{
"name": "SSA:2005-310-06",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.500161"
},
{
"name": "21564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21564"
},
{
"name": "FLSA:184098",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430303/100/0/threaded"
},
{
"name": "MDKSA-2005:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:189"
},
{
"name": "17928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17928"
},
{
"name": "17336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17336"
},
{
"name": "ADV-2006-2685",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "17215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17215"
},
{
"name": "SUSE-SR:2005:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington\u0027s IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (\") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2005:194",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:194"
},
{
"name": "RHSA-2005:850",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-850.html"
},
{
"name": "17950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17950"
},
{
"name": "21252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21252"
},
{
"name": "17276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17276"
},
{
"name": "17148",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17148"
},
{
"name": "20222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "18554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18554"
},
{
"name": "47",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/47"
},
{
"name": "17152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17152"
},
{
"name": "RHSA-2006:0276",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "DSA-861",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-861"
},
{
"name": "20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html"
},
{
"name": "17062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17062/"
},
{
"name": "oval:org.mitre.oval:def:9858",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858"
},
{
"name": "20051201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "15009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15009"
},
{
"name": "http://www.washington.edu/imap/",
"refsource": "CONFIRM",
"url": "http://www.washington.edu/imap/"
},
{
"name": "RHSA-2006:0501",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "RHSA-2005:848",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-848.html"
},
{
"name": "RHSA-2006:0549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20951"
},
{
"name": "20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=313\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "uw-imap-mailbox-name-bo(22518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22518"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "FLSA:170411",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430296/100/0/threaded"
},
{
"name": "19832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17930"
},
{
"name": "1015000",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015000"
},
{
"name": "VU#933601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/933601"
},
{
"name": "GLSA-200510-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml"
},
{
"name": "SSA:2005-310-06",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.500161"
},
{
"name": "21564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21564"
},
{
"name": "FLSA:184098",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430303/100/0/threaded"
},
{
"name": "MDKSA-2005:189",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:189"
},
{
"name": "17928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17928"
},
{
"name": "17336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17336"
},
{
"name": "ADV-2006-2685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "17215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17215"
},
{
"name": "SUSE-SR:2005:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2933",
"datePublished": "2005-10-13T04:00:00.000Z",
"dateReserved": "2005-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1903 (GCVE-0-2002-1903)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 22:21
VLAI
Summary
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/9297.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/archive/1/276029 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/4963 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "pine-username-disclosure(9297)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9297.php"
},
{
"name": "20020607 Pine 4.44 Privacy Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/276029"
},
{
"name": "4963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "pine-username-disclosure(9297)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9297.php"
},
{
"name": "20020607 Pine 4.44 Privacy Patch",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/276029"
},
{
"name": "4963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pine-username-disclosure(9297)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9297.php"
},
{
"name": "20020607 Pine 4.44 Privacy Patch",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276029"
},
{
"name": "4963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1903",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:08.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1782 (GCVE-0-2002-1782)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
VLAI
Summary
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/4909 | vdb-entryx_refsource_BID |
| http://www.security.nnov.ru/advisories/courier.asp | x_refsource_MISC |
| http://online.securityfocus.com/archive/1/275127 | mailing-listx_refsource_BUGTRAQ |
| http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2002-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:56.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4909",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security.nnov.ru/advisories/courier.asp"
},
{
"name": "20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/275127"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1"
},
{
"name": "wuimapd-information-disclosure(9238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4909",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security.nnov.ru/advisories/courier.asp"
},
{
"name": "20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/275127"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1"
},
{
"name": "wuimapd-information-disclosure(9238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4909"
},
{
"name": "http://www.security.nnov.ru/advisories/courier.asp",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/advisories/courier.asp"
},
{
"name": "20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/275127"
},
{
"name": "http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1",
"refsource": "CONFIRM",
"url": "http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1"
},
{
"name": "wuimapd-information-disclosure(9238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1782",
"datePublished": "2005-06-21T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:34:56.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1066 (GCVE-0-2005-1066)
Vulnerability from cvelistv5 – Published: 2005-04-12 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://msgs.securepoint.com/cgi-bin/get/bugtraq05… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/14899 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/15456 | vdb-entryx_refsource_OSVDB |
Date Public
2005-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050411 rpdump TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html"
},
{
"name": "14899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14899"
},
{
"name": "15456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050411 rpdump TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html"
},
{
"name": "14899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14899"
},
{
"name": "15456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050411 rpdump TOCTOU file-permissions vulnerability",
"refsource": "BUGTRAQ",
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html"
},
{
"name": "14899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14899"
},
{
"name": "15456",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1066",
"datePublished": "2005-04-12T04:00:00.000Z",
"dateReserved": "2005-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0198 (GCVE-0-2005-0198)
Vulnerability from cvelistv5 – Published: 2005-02-06 05:00 – Updated: 2024-08-07 21:05
VLAI
Summary
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.kb.cert.org/vuls/id/CRDY-68QSL5 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2005-128.html | vendor-advisoryx_refsource_REDHAT |
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| http://secunia.com/advisories/14097 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1013037 | vdb-entryx_refsource_SECTRACK |
| http://www.kb.cert.org/vuls/id/702777 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/14057 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/12391 | vdb-entryx_refsource_BID |
Date Public
2005-01-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11306",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11306",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11306",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"name": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0198",
"datePublished": "2005-02-06T05:00:00.000Z",
"dateReserved": "2005-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:05:25.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1320 (GCVE-0-2002-1320)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-270.html | vendor-advisoryx_refsource_REDHAT |
| http://www.linux-mandrake.com/en/security/2002/MD… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.iss.net/security_center/static/10555.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6120 | vdb-entryx_refsource_BID |
| http://marc.info/?l=bugtraq&m=103668430620531&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.linuxsecurity.com/advisories/engarde_a… | vendor-advisoryx_refsource_ENGARDE |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://www.redhat.com/support/errata/RHSA-2002-271.html | vendor-advisoryx_refsource_REDHAT |
| http://marc.info/?l=bugtraq&m=103884988306241&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisoryx_refsource_CONECTIVA |
Date Public
2002-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-270.html"
},
{
"name": "MDKSA-2002:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php"
},
{
"name": "pine-from-header-dos(10555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10555.php"
},
{
"name": "6120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6120"
},
{
"name": "20021107 Remote pine Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103668430620531\u0026w=2"
},
{
"name": "ESA-20021127-032",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html"
},
{
"name": "SuSE-SA:2002:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_046_pine.html"
},
{
"name": "RHSA-2002:271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-271.html"
},
{
"name": "20021202 GLSA: pine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103884988306241\u0026w=2"
},
{
"name": "CLA-2002:551",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-270.html"
},
{
"name": "MDKSA-2002:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php"
},
{
"name": "pine-from-header-dos(10555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10555.php"
},
{
"name": "6120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6120"
},
{
"name": "20021107 Remote pine Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103668430620531\u0026w=2"
},
{
"name": "ESA-20021127-032",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html"
},
{
"name": "SuSE-SA:2002:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_046_pine.html"
},
{
"name": "RHSA-2002:271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-271.html"
},
{
"name": "20021202 GLSA: pine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103884988306241\u0026w=2"
},
{
"name": "CLA-2002:551",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:270",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-270.html"
},
{
"name": "MDKSA-2002:084",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php"
},
{
"name": "pine-from-header-dos(10555)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10555.php"
},
{
"name": "6120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6120"
},
{
"name": "20021107 Remote pine Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103668430620531\u0026w=2"
},
{
"name": "ESA-20021127-032",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html"
},
{
"name": "SuSE-SA:2002:046",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_046_pine.html"
},
{
"name": "RHSA-2002:271",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-271.html"
},
{
"name": "20021202 GLSA: pine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103884988306241\u0026w=2"
},
{
"name": "CLA-2002:551",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1320",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0721 (GCVE-0-2003-0721)
Vulnerability from cvelistv5 – Published: 2003-09-12 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2003-274.html | vendor-advisoryx_refsource_REDHAT |
| http://marc.info/?l=bugtraq&m=106329356702508&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=106367213400313&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2003-273.html | vendor-advisoryx_refsource_REDHAT |
| http://www.idefense.com/advisory/09.10.03.txt | third-party-advisoryx_refsource_IDEFENSE |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2003-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "20030915 remote Pine \u003c= 4.56 exploit fully automatic",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106367213400313\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "20030910 Two Exploitable Overflows in PINE",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030911 Pine: .procmailrc rule against integer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html"
},
{
"name": "oval:org.mitre.oval:def:503",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "20030915 remote Pine \u003c= 4.56 exploit fully automatic",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106367213400313\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "20030910 Two Exploitable Overflows in PINE",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030911 Pine: .procmailrc rule against integer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html"
},
{
"name": "oval:org.mitre.oval:def:503",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:274",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "20030915 remote Pine \u003c= 4.56 exploit fully automatic",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106367213400313\u0026w=2"
},
{
"name": "RHSA-2003:273",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "20030910 Two Exploitable Overflows in PINE",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030911 Pine: .procmailrc rule against integer overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html"
},
{
"name": "oval:org.mitre.oval:def:503",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0721",
"datePublished": "2003-09-12T04:00:00.000Z",
"dateReserved": "2003-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0720 (GCVE-0-2003-0720)
Vulnerability from cvelistv5 – Published: 2003-09-12 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2003-274.html | vendor-advisoryx_refsource_REDHAT |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| http://marc.info/?l=bugtraq&m=106329356702508&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2003-273.html | vendor-advisoryx_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.idefense.com/advisory/09.10.03.txt | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=106322571805153&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "oval:org.mitre.oval:def:499",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322571805153\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "RHSA-2003:273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "oval:org.mitre.oval:def:499",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106322571805153\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:274",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-274.html"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html"
},
{
"name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106329356702508\u0026w=2"
},
{
"name": "RHSA-2003:273",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-273.html"
},
{
"name": "oval:org.mitre.oval:def:499",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499"
},
{
"name": "http://www.idefense.com/advisory/09.10.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/09.10.03.txt"
},
{
"name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106322571805153\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0720",
"datePublished": "2003-09-12T04:00:00.000Z",
"dateReserved": "2003-09-02T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0300 (GCVE-0-2003-0300)
Vulnerability from cvelistv5 – Published: 2003-05-15 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0300",
"datePublished": "2003-05-15T04:00:00.000Z",
"dateReserved": "2003-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:47.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0297 (GCVE-0-2003-0297)
Vulnerability from cvelistv5 – Published: 2003-05-15 04:00 – Updated: 2024-08-08 01:50
VLAI
Summary
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/430302/100… | vendor-advisoryx_refsource_FEDORA |
| http://www.redhat.com/support/errata/RHSA-2005-114.html | vendor-advisoryx_refsource_REDHAT |
| http://www.redhat.com/support/errata/RHSA-2005-015.html | vendor-advisoryx_refsource_REDHAT |
| http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FLSA:184074",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430302/100/0/threaded"
},
{
"name": "RHSA-2005:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-114.html"
},
{
"name": "RHSA-2005:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-015.html"
},
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FLSA:184074",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430302/100/0/threaded"
},
{
"name": "RHSA-2005:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-114.html"
},
{
"name": "RHSA-2005:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-015.html"
},
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FLSA:184074",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430302/100/0/threaded"
},
{
"name": "RHSA-2005:114",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-114.html"
},
{
"name": "RHSA-2005:015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-015.html"
},
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0297",
"datePublished": "2003-05-15T04:00:00.000Z",
"dateReserved": "2003-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:50:47.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}