foreman: Authenticate remote code execution through Sendmail configuration

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...

CVE-2021-40643

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page by default/usr/sbin/sendmail it is possible to execute any command, which will be executed when we make...

CVE-2021-40643

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page by default/usr/sbin/sendmail it is possible to execute any command, which will be executed when we make...

Remote code execution

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page by default/usr/sbin/sendmail it is possible to execute any command, which will be executed when we make...

CVE-2021-40643

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page by default/usr/sbin/sendmail it is possible to execute any command, which will be executed when we make...

ZZCMS SQL注入漏洞

ZZCMS is a content management system CMS by the ZZCMS team in China. A security vulnerability exists in ZZCMS 2019 version, which can be exploited by an attacker to perform a SQL injection attack via the id parameter in /admin/ztliuyansendmail.php...

ZZCMS SQL注入漏洞

ZZCMS is a content management system CMS by the ZZCMS team in China. A security vulnerability exists in ZZCMS 2019 version, which can be exploited by an attacker to perform a SQL injection attack via the id parameter in /admin/dlsendmail.php...

new packages: sendmail

An update is available for sendmail. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpris...

CodeIgniter arbitrary code execution

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...

zend-mail remote code execution via Sendmail adapter

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...

GHSA-R9MW-GWX9-V3H5 zend-mail remote code execution via Sendmail adapter

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...

Authenticated RCE through /admin/settings/email endpoint

Description Craftcms is vulnerable to Command Injection on the email settings, on the /admin/settings/email endpoint. An attacker can send a POST request with a specially crafted transportTypescraft\mail\transportadapters\Sendmailcommand= parameter to inject arbitrary commands that will be execut...

Critical Photon OS Security Update - PHSA-2022-4.0-0173

Updates of 'sendmail', 'lua' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2022-0173

Updates of 'sendmail', 'lua' packages of Photon OS have been released...

Slackware: Security Advisory (SSA:2014-156-04)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important Photon OS Security Update - PHSA-2022-0382

Updates of 'xz', 'gzip', 'nginx', 'sendmail' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2022-3.0-0382

Updates of 'gzip', 'sendmail', 'nginx', 'xz' packages of Photon OS have been released...

CVE-2022-0741

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...

CVE-2022-0741

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...

Input validation

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...