1631 matches found
Roundcube -- arbitrary command execution
The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
SQL injection vulnerability in the webappcode parameter of sendmail.jsp page of government information system of Fujian Xingyu Information Technology Co.
The open government information platform is a WEB system that strengthens the construction and management of open government information through informatization means. There is a SQL injection vulnerability in this product, the vulnerability URL is: http://target/cms/cms/infopub/sendmail.jsp, the...
FreeBSD : FreeBSD -- sendmail improper close-on-exec flag handling (6d9eadaf-6007-11e6-a6c3-14dae9d210b8)
There is a programming error in sendmail8 that prevented open file descriptors from having close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process has open. Impact : A local user who can execute their own program for mail delivery will be able...
Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap and pop3d on AIX, Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap and pop3d on VIOS, Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap pop3d ftp/ftpd and ndpd-host/ndpd-router on AIX
nettcpadvisory2.asc: Version 4 Version 4 Issued: Thu Oct 20 10:56:28 CDT 2016 Version 4 Changes: New iFixes provided for AIX 5.3.12.9, 6.1.9.5, 6.1.9.6, 7.1.3.5, and 7.1.3.6. For security reasons, it is highly recommended to install these new iFixes. Bulletin scope increased to include ftp/ftpd a...
The vulnerability of the SendMail SMTP server software allows a malicious individual to compromise the confidentiality of protected information.
A vulnerability exists in the sm_close_on_exec function in the conf.c file of the Sendmail software, due to incorrect argument order and the absence of the expected FD_CLOEXEC flag. Exploiting this vulnerability allows local users to access file descriptors with high values, by using a specially...
Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation
Exploit for linux platform in category local exploits / Hello List, This is just a minor issue in Exim, no replies so far, so publication should be OK. Introduction: Exim4 in some variants is started as root but switches to uid/gid...
[SECURITY] Fedora 23 Update: opensmtpd-5.7.3p1-1.fc23
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
CVE-2006-7175
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired...
CVE-2006-4434
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service crash via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of...
CVE-2006-1014
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X...
CVE-2006-1015
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE...
Oracle: Security Advisory (ELSA-2010-0237)
The remote host is missing an update for the...
Gentoo Security Advisory GLSA 201412-32
Gentoo Linux Local Security Checks GLSA 201412-32...
AIX 5.3 TL 12 : sendmail (IV75967) (Logjam)
The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...
AIX 6.1 TL 9 : sendmail (IV75643) (Logjam)
The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...
AIX 6.1 TL 8 : sendmail (IV75644) (Logjam)
The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...
AIX 7.1 TL 2 : sendmail (IV75645) (Logjam)
The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...
Vulnerability in Diffie-Hellman ciphers affects sendmail on AIX, Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
IBM SECURITY ADVISORY First Issued: Fri Aug 7 15:15:59 CDT 2015 |Updated: Tue Aug 18 09:19:51 CDT 2015 |Update: Added AIX 5.3 vulnerability information The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/sendmailadvisory2.asc...
OracleVM 3.3 : net-snmp (OVMSA-2015-0099)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Quicker loading of IP-MIB::ipAddrTable 1191393 - Quicker loading of IP-MIB::ipAddressTable 1191393 - Fixed snmptrapd crash when '-OQ' paramete...
Vulnerability in SSLv3 affects AIX, Vulnerability in SSLv3 affects VIOS
IBM SECURITY ADVISORY First Issued: Wed Jun 17 09:52:06 CDT 2015 |Updated: Tue Mar 1 10:07:14 CST 2016 |Update: Modified the impacted upper level fileset for 7.1.3 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/nettcpadvisory.asc...