17 matches found
[SECURITY] Fedora 42 Update: exim-4.99.1-1.fc42
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Vulnerabilities fixed in Exim
Exim has fixed vulnerabilities in Exim MTA. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to system/data data Exim has released updates to fix the vulnerabilities in Exim...
[SECURITY] Fedora 34 Update: exim-4.94.2-1.fc34
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)
The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...
Exim MTA Vulnerability (The Return of the WIZard – CVE-2019-10149)
Last week, Qualys issued a security advisory for a vulnerability we discovered during a code review of Exim. This vulnerability can lead to Remote Command Injection, and is currently being actively attacked in the wild. This blog will show you how to quickly identify assets that are impacted by...
[SECURITY] Fedora 26 Update: exim-4.90.1-3.fc26
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
[SECURITY] Fedora 26 Update: exim-4.89-7.fc26
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
!/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE : CVE-2016-10033,CVE-2016-10074,CVE-2016-10034,CVE-2016-10045 @phacktul -...
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...
WordPress PHPMailer Host Header Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress PHPMailer Host Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in WordPress version...
[SECURITY] Fedora 19 Update: exim-4.80.1-4.fc19
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
[oss-security] Fwd: [exim-announce] Exim 4.82.1 Security Release
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Short version: Exim MTA, CVE-2014-2957, remote code execution based on email header content when built with the EXPERIMENTALDMARC option. Flaw introduced with that option in Exim 4.82, which was previously the current release; no prior releases...
Exim with Dovecot LDA sender_address Parameter Remote Command Execution
A remote command execution vulnerability exist in Exim MTA that uses the Dovecot as the Local Delivery Agent LDA. The vulnerability is due to the dangerous configuration in Dovecot suggesting the "useshell" option. A remote attacker could exploit this vulnerability by sending a malicious...
Exim MTA string_format Remote Code Execution (CVE-2010-4344)
The Exim mail server is a full featured mail transfer agent MTA used in Unix-like platforms. It contains implementations of SMTP server for incoming messages as well ,as a SMTP or LMTP client for incoming email. A heap buffer overflow vulnerability has been reported in Exim Mail Transfer Agent MT...
USN-1032-1: Exim vulnerability
Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges...