1631 matches found
GHSA-WFRJ-QQC2-83CM Remote command injection when using sendmail email transport
Impact: Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport, so this is only exploitable if the sendmail transport is explicitly used. Patches: Fixed in...
Remote command injection when using sendmail email transport
Impact: Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport, so this is only exploitable if the sendmail transport is explicitly used. Patches: Fixed in...
Argument injection in lettre
Impact: Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged `to` addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation (original sendmail, postfix, exim, etc.) it could be possible in some cases to...
GHSA-VC2P-R46X-M3VX Argument injection in lettre
Impact: Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged `to` addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation (original sendmail, postfix, exim, etc.) it could be possible in some cases to...
Exploit for CVE-2021-38817
CVE-2021-38817-Remote-OS-Command-Injection Authenticated Remot...
Advisory ROSA-SA-2021-1969
Software: sendmail 8.14.7. OS: Cobalt 7.9. CVE-ID: CVE-2014-3956. CVE-Crit: CRITICAL. CVE-DESC: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order and therefore misses setting expected FD_CLOEXEC flags, which allows local users to access unintended file...
shadowbroker
This repository contains a collection of exploits and tools, including the "EARLYSHOVEL" exploit for RedHat 7.0-7.1 Sendmail 8.11.x, the "EBBISLAND EBBSHAVE" exploit for Solaris 6, 7, 8, 9 & 10, and the "ECHOWRECKER" exploit for remote Samba 3.0.x Linux. The repository also includes a payload...
CVE-2021-3584
A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...
Foreman operating system command injection vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. An operating system command injection vulnerability exists in Foreman, which allows an authenticated attacker to override...
SUSE: Security Advisory (SUSE-SU-2014:0872-1)
The remote host is missing an update for the...
sendmail bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
sendmail bug fix and enhancement update
An update is available for sendmail. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterpris...
ALBA-2021:1858 sendmail bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Command Injection
Overview: nodemailer before version 6.4.16 is vulnerable to command injection. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. Recommendation: Upgrade to version 6.4.16 or later. References: CVE, GitHub Advisory...
Command injection in nodemailer
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...
GHSA-48WW-J4FC-435P Command injection in nodemailer
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...
Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)
The remote host is missing an update for the...
Fedora: Security Advisory for exim (FEDORA-2021-4eaf89b133)
The remote host is missing an update for the...
Fedora: Security Advisory for exim (FEDORA-2021-4eaf89b133)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: exim-4.94-7.fc34
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...