MidnightBSD

Advisories for neo

CVE-2018-0680 HIGH

Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *
CVE-2018-0681 HIGH

Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *
CVE-2018-0682 HIGH

Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *
CVE-2018-0683 HIGH

Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *
CVE-2018-0684 HIGH

Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *
CVE-2018-0685 MEDIUM

SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
neo debun_pop *
CVE-2018-0686 MEDIUM

Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *
CVE-2018-0687 MEDIUM

Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
neo debun_pop *
neo debun_imap *