Qpopper < 3.0.2 LIST Command Local Overflow

medium Nessus Plugin ID 10197


Arbitrary code may be run on the remote server.


There is a vulnerability in the Qpopper 3.0b package that allows users with a valid account to gain a shell on the system


Upgrade to version 3.0.2 or newer

Plugin Details

Severity: Medium

ID: 10197

File Name: qpopper_list.nasl

Version: 1.31

Type: remote

Family: Misc.

Published: 1/27/2000

Updated: 7/25/2018

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: pop3/login, pop3/password, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/26/2000

Reference Information

CVE: CVE-2000-0096

BID: 948