HOMEVULNERABILITIESVENDORSDouble Precision Incorporated

Double Precision IncorporatedCVEs & Vulnerabilities

8 CVEs affecting Double Precision Incorporated products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

courier mta 17courier mail server 16courier-imap 8sqwebmail 5
CVE-2007-2173CRITICAL

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

24 Apr 2007
10.0
CVSS
CVE-2006-2659HIGH

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

30 May 2006
7.8
CVSS
CVE-2005-3532HIGH

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.

11 Dec 2005
7.5
CVSS
CVE-2005-2151MEDIUM

spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.

6 Jul 2005
5.0
CVSS
CVE-2004-0224HIGH

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

15 Apr 2004
7.5
CVSS
CVE-2003-0040HIGH

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

19 Feb 2003
7.5
CVSS
CVE-2002-1311MEDIUM

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

29 Nov 2002
4.6
CVSS
CVE-2002-0914MEDIUM

Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.

4 Oct 2002
5.0
CVSS
← PrevPage 1 / 1Next →