Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mailscanner Subscribe
Filtered by product Mailscanner
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3095 1 Mailscanner 1 Mailscanner 2019-11-14 3.3 LOW 4.7 MEDIUM
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.
CVE-2010-3292 1 Mailscanner 1 Mailscanner 2019-11-14 2.1 LOW 5.5 MEDIUM
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
CVE-2010-3293 1 Mailscanner 1 Mailscanner 2019-10-30 2.1 LOW 5.5 MEDIUM
mailscanner can allow local users to prevent virus signatures from being updated
CVE-2008-5991 2 Mailscanner, Mailwatch 2 Mailscanner, Mailwatch 2017-09-28 7.5 HIGH N/A
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter.
CVE-2005-3470 1 Mailscanner 1 Mailscanner 2017-07-10 7.5 HIGH N/A
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.
CVE-2005-3471 1 Mailscanner 1 Mailscanner 2011-03-07 5.0 MEDIUM N/A
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.
CVE-2008-5313 1 Mailscanner 1 Mailscanner 2010-12-27 6.9 MEDIUM N/A
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.
CVE-2008-5312 1 Mailscanner 1 Mailscanner 2010-12-27 6.9 MEDIUM N/A
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140.
CVE-2005-1706 1 Mailscanner 1 Mailscanner 2008-09-05 7.5 HIGH N/A
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
CVE-2002-2228 1 Mailscanner 1 Mailscanner 2008-09-05 6.4 MEDIUM N/A
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.