Bron Gondwana

3 exploits Active since Aug 2017
CVE-2017-12843 WRITEUP MEDIUM WRITEUP
Cyrus IMAP < 3.0.3 - Authenticated Arbitrary File Write via SYNCAPPLY, SYNCGET, or SYNCRESTORE Command
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
CVSS 6.5
CVE-2017-12843 WRITEUP MEDIUM WRITEUP
Cyrus IMAP < 3.0.3 - Authenticated Arbitrary File Write via SYNCAPPLY, SYNCGET, or SYNCRESTORE Command
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
CVSS 6.5
CVE-2017-14230 WRITEUP CRITICAL WRITEUP
Cyrus IMAP <3.0.4 - Info Disclosure
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
CVSS 9.1