Vulnerabilities > Mailscanner

DATE CVE VULNERABILITY TITLE RISK
2019-11-12 CVE-2010-3292 Missing Encryption of Sensitive Data vulnerability in Mailscanner 4.79.112
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via DNS/packet spoofing.
local
low complexity
mailscanner CWE-311
2.1
2019-11-12 CVE-2010-3095 Link Following vulnerability in Mailscanner
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files.
3.3
2019-10-28 CVE-2010-3293 Improper Input Validation vulnerability in Mailscanner
mailscanner can allow local users to prevent virus signatures from being updated.
local
low complexity
mailscanner CWE-20
2.1
2009-01-28 CVE-2008-5991 Path Traversal vulnerability in Mailwatch
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
mailscanner mailwatch CWE-22
7.5
2008-12-03 CVE-2008-5313 Link Following vulnerability in Mailscanner
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.
6.9
2008-12-03 CVE-2008-5312 Link Following vulnerability in Mailscanner
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140.
6.9
2005-11-02 CVE-2005-3471 Directory Traversal vulnerability in MailWatch for MailScanner
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.
network
low complexity
mailscanner
5.0
2005-11-02 CVE-2005-3470 SQL Injection vulnerability in Mailscanner 1.0.2
SQL injection vulnerability in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.
network
low complexity
mailscanner
7.5
2005-05-24 CVE-2005-1706 Security Bypass vulnerability in MailScanner
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
network
low complexity
mailscanner
7.5
2002-12-31 CVE-2002-2228 Improper Input Validation vulnerability in Mailscanner
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
network
low complexity
mailscanner CWE-20
6.4