53 matches found
UBUNTU-CVE-2017-5615
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...
UBUNTU-CVE-2017-5613
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...
UBUNTU-CVE-2017-5616
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter...
CVE-2017-5614
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter...
CVE-2017-5613
CVE-2017-5613 affects the cgiemail and cgiecho CGI programs. A format-string vulnerability in template handling allows a local attacker with template-file access to execute code as the webserver user. Debian fixed this in package cgiemail 1.6-37+deb7u1 (DLA-869-1) by restricting format strings to...
CVE-2017-5614
The CVE-2017-5614 issue is an Open Redirect vulnerability in the cgiemail and cgiecho binaries caused by improper handling of the success and failure parameters, enabling an attacker to redirect users to arbitrary URLs and potentially facilitate phishing. Connected sources confirm this vector and...
CVE-2017-5615
CVE-2017-5615 affects the cgiemail and cgiecho binaries, enabling HTTP header injection by supplying a newline in the redirect location. Public references describe an open redirect and header-injection combination across related CVEs in the same package. The Debian advisory (DLA-869-1) fixes the ...
CVE-2017-5616
CVE-2017-5616 is a reflected XSS vulnerability in the CGI programs cgiemail and cgiecho, exploitable via the addendum parameter. The issue arises from missing escaping of the addendum data, allowing attackers to inject arbitrary HTML/JavaScript into the response. Affects implementations of cgiema...
CVE-2017-5615
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...
CVE-2017-5613
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...
cgiemail and cgiecho cross-site scripting vulnerabilities
cPanel is a Web-based hosting control management system from the U.S. company cPanel. The management system is mainly used to automate the control of web sites and servers. cgiemail is one of the mail servers. A cross-site scripting vulnerability exists in cgiemail and cgiecho. An attacker can...
cgiemail and cgiecho open redirect vulnerabilities
cPanel is a Web-based hosting control management system from the U.S. company cPanel. The management system is mainly used to automate the control of web sites and servers. cgiemail is one of the mail servers. An open redirection vulnerability exists in cgiemail and cgiecho. An attacker can explo...
cgiemail and cgiecho HTTP Header Injection Vulnerabilities
cPanel is a Web-based hosting control management system from the U.S. company cPanel. The management system is mainly used to automate the control of web sites and servers. cgiemail is one of the mail servers. An HTTP header injection vulnerability exists in cgiemail and cgiecho. An attacker can...
Cgiemail 1.6 Source Code Disclosure
#!/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script included with cgiemail will return any...
Cgiemail 1.6 - Source Code Disclosure
#!/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script...
CGIEmail 1.6 - Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6141/info A vulnerability has been discovered in CGIEmail. It should be noted that this vulnerability exists only if the server allows queries to remote hosts. A remotely exploitable buffer overflow has been discovered in...
Debian Security Advisory DSA 437-1 (cgiemail)
The remote host is missing an update to cgiemail announced via advisory DSA 437-1. OpenVAS Vulnerability Test $Id: deb4371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 437-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian: Security Advisory (DSA-437)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability
The remote host seems to be vulnerable to a security problem in CGIEmail cgicso. The vulnerability is caused by inadequate processing of queries by CGIEmail SPDX-FileCopyrightText: 2001 Noam Rathaus SPDX-FileCopyrightText: 2001 SecurITeam Some text descriptions might be excerpted from a reference...
CGIEmail's Cross Site Scripting Vulnerability (cgicso)
The remote web server contains the SPDX-FileCopyrightText: 2001 SecurITeam Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.10780");...