Symantec: >> Brightmail Antispam >> 6.0.1 Security Vulnerabilities
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
CVSS Score
9.3
EPSS Score
0.108
Published
2007-10-05
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
CVSS Score
9.3
EPSS Score
0.024
Published
2007-10-05
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
CVSS Score
7.6
EPSS Score
0.014
Published
2006-08-07
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
CVSS Score
5.0
EPSS Score
0.011
Published
2006-08-07
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.
CVSS Score
5.0
EPSS Score
0.016
Published
2005-12-31
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
CVSS Score
7.5
EPSS Score
0.011
Published
2005-06-09
The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters.
CVSS Score
5.0
EPSS Score
0.016
Published
2004-12-17