Vulnerabilities > Dovecot > Dovecot > 1.0.9

DATE CVE VULNERABILITY TITLE RISK
2008-12-01 CVE-2008-5301 Path Traversal vulnerability in Dovecot
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
network
low complexity
dovecot CWE-22
6.4
6.4
2008-10-15 CVE-2008-4578 Permissions, Privileges, and Access Controls vulnerability in Dovecot
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
network
low complexity
dovecot CWE-264
5.0
5.0
2008-03-06 CVE-2008-1199 Configuration vulnerability in Dovecot
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
local
dovecot CWE-16
4.4
4.4