← Back

Vpopmail Vchkpw

vpopmail_vchkpw

Vendor: Inter7 • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2006-2346
1Inter7
1Vpopmail Vchkpw
Apr 16, 2026
May 12, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.
CVE-2000-0583
1Inter7
1Vpopmail Vchkpw
Apr 16, 2026
Jun 30, 2000
N/A· v4
N/A· v3
5.0 MEDIUM· v2
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that cont...Show more
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.Show less