CVE-2008-1199
- EPSS 0.04%
- Veröffentlicht 06.03.2008 21:44:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s...
CVE-2007-6598
- EPSS 2.53%
- Veröffentlicht 04.01.2008 02:46:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
- EPSS 1.43%
- Veröffentlicht 08.08.2007 02:17:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
CVE-2007-2231
- EPSS 1.14%
- Veröffentlicht 25.04.2007 15:19:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.