15 matches found
CVE-2017-7692
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-20 02:24:07+00:00 | published-proof-of-concept | Telegram/z2L8bsoZ0V1zjNmM98wIDnZB7BChWxhkyhMVbyAU1quTlg... |
SUSE CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
Debian: Security Advisory (DLA-941-1)
The remote host is missing an update for the Debian...
Fedora 26 : squirrelmail (2017-a7161eb173)
fix insufficient escaping of user-supplied data (CVE-2017-7692). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 25 : squirrelmail (2017-f85c37ae3d)
fix insufficient escaping of user-supplied data (CVE-2017-7692). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 24 : squirrelmail (2017-0b6da97aa5)
fix insufficient escaping of user-supplied data (CVE-2017-7692). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
[SECURITY] [DLA 941-1] squirrelmail security update
Package : squirrelmail Version : 2:1.4.23svn20120406-2+deb7u1 CVE ID : CVE-2017-7692 Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server. For...
Debian DSA-3852-1 : squirrelmail - security update
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server...
[SECURITY] [DSA 3852-1] squirrelmail security update
Debian Security Advisory DSA-3852-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 13, 2017 https://www.debian.org/security/faq ...
MGASA-2017-0121 Updated squirrelmail packages fix security vulnerability
Squirrelmail version 1.4.22 and probably prior is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. CVE-2017-7692...
SquirrelMail < 1.4.22 - Remote Code Execution
SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh ver. 1.1 Discovered and coded by Dawid Golunski...
CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
CVE-2017-5181
CVE-2017-7692 affects SquirrelMail webmail (
CVE-2017-7692
CVE-2017-7692 affects SquirrelMail up to 1.4.22 (and likely older in SVN builds) where the sendmail delivery path mishandles a user-controlled sendmail.cf via a popen call. The root cause is the use of escapeshellcmd() in Deliver_SendMail.class.php/initStream, which fails to escape spaces, enabli...
Squirrelmail 1.4.22 Remote Code Execution
Advisory ID: SGMA17-001 Title: Squirrelmail Remote Code Execution Product: Squirrelmail Version: 1.4.22 and probably prior Vendor: squirrelmail.org Type: Command Injection Risk level: 4 / 5 Credit: [email protected] CVE: CVE-2017-7692 Vendor notification: 2017-04-04 Vendor fix:...