Double Precision Incorporated: >> Courier Mta >> 0.37.3 Security Vulnerabilities
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
CVSS Score
7.8
EPSS Score
0.029
Published
2006-05-30
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
CVSS Score
7.5
EPSS Score
0.005
Published
2003-02-19
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-11-29