Vulnerabilities > Double Precision Incorporated

DATE CVE VULNERABILITY TITLE RISK
2007-04-24 CVE-2007-2173 Unspecified vulnerability in Double Precision Incorporated Courier-Imap
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
network
low complexity
gentoo double-precision-incorporated
critical
10.0
2006-05-30 CVE-2006-2659 Remote Denial Of Service vulnerability in Courier Mail Server Username Encoding
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
network
low complexity
double-precision-incorporated
7.8
2005-12-11 CVE-2005-3532 Unspecified vulnerability in Double Precision Incorporated Courier Mail Server
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
network
low complexity
double-precision-incorporated
7.5
2005-07-06 CVE-2005-2151 Unspecified vulnerability in Double Precision Incorporated Courier Mail Server
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
network
low complexity
double-precision-incorporated
5.0
2004-04-15 CVE-2004-0224 Remote Buffer Overflow vulnerability in Courier
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
7.5
2003-02-19 CVE-2003-0040 SQL Injection vulnerability in Courier-IMAP Username
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
network
low complexity
double-precision-incorporated inter7
7.5
2002-11-29 CVE-2002-1311 Unspecified vulnerability in Double Precision Incorporated Courier MTA 0.37.3/0.40
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
local
low complexity
double-precision-incorporated
4.6
2002-10-04 CVE-2002-0914 Remote Resource Consumption vulnerability in Double Precision Incorporated Courier MTA 0.38.1
Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
network
low complexity
double-precision-incorporated
5.0