1631 matches found
SquirrelMail Remote Code Execution Vulnerability Patched
Developers behind the PHP-based webmail package SquirrelMail on Thursday patched a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the system. Dawid Golunski, a researcher with Legal Hackers, discovered the vulnerability and...
SquirrelMail 1.4.22 - Remote Code Execution
SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh...
SquirrelMail 1.4.22 Remote Code Execution
SquirrelMail < 1.4.22 - Remote Code Execution
SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh ver. 1.1 Discovered and coded by Dawid Golunski...
Squirrelmail 1.4.22 Remote Code Execution (CVE-2017-7692)
Squirrelmail version 1.4.22 and probably prior is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in...
SquirrelMail < 1.4.23 Multiple Vulnerabilities
SquirrelMail is prone to authenticated remote code execution (RCE) and directory traversal vulnerabilities.
CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
Design/Logic Flaw
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
UBUNTU-CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
CVE-2017-7692
CVE-2017-7692 affects SquirrelMail up to 1.4.22 (and likely older in SVN builds) where the sendmail delivery path mishandles a user-controlled sendmail.cf via a popen call. The root cause is the use of escapeshellcmd() in Deliver_SendMail.class.php/initStream, which fails to escape spaces, enabli...
Squirrelmail Remote Code Execution Vulnerability
SquirrelMail is a PHP-based webmail service program. A remote code execution vulnerability exists in Deliver_SendMail.class.php in the initStream function of Squirrelmail, due to escapeshellcmd not escaping space characters. An attacker could use the vulnerability to execute arbitrary code over...
PT-2017-17890
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions prior to 20170427 0200-SVN. Description: The issue allows post-authentication remote code execution via a mishandled sendmail.cf file in a popen call. This can be exploited to execute arbitrary shell commands on the remote...
Squirrelmail 1.4.22 Remote Code Execution
Advisory ID: SGMA17-001 Title: Squirrelmail Remote Code Execution Product: Squirrelmail Version: 1.4.22 and probably prior Vendor: squirrelmail.org Type: Command Injection Risk level: 4 / 5 Credit: [email protected] CVE: CVE-2017-7692 Vendor notification: 2017-04-04 Vendor fix:...
SquirrelMail Remote Code Execution Vulnerability
SquirrelMail is a PHP-based webmail service program. A remote code execution vulnerability exists in SquirrelMail 1.4.22 and earlier versions, which allows an attacker to inject specific parameters into a malicious Sendmail configuration file when using Sendmail, and then upload it as an...
SysGauge 1.5.18 Buffer Overflow
Exploit Title: SysGauge 1.5.18 a buffer overflow in SMTP connection verification function leads to code execution Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.sysgauge.com/setups/sysgaugesetupv1.5.18.exe Version: 1.5.18 Test...
Updated php-ZendFramework2 packages fix security vulnerability
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...
MGASA-2017-0016 Updated php-ZendFramework2 packages fix security vulnerability
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...
Code injection
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
CVE-2016-10131
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
PHPMailer Sendmail Argument Injection Exploit
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a...