Lucene search
+L

19 matches found

OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-4875-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.5AI score0.98946EPSS
Exploits41References4
Ubuntu
Ubuntu
added 2021/03/15 11:6 p.m.55 views

USN-4875-1: OpenSMTPD vulnerabilities

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...

10CVSS7.9AI score0.98946EPSS
Exploits41
Check Point Advisories
Check Point Advisories
added 2020/03/15 12:0 a.m.47 views

OpenSMTPD Remote Code Execution (CVE-2020-8794)

A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.3AI score0.889EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/03/09 12:0 a.m.185 views

OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS9.6AI score0.889EPSS
Exploits10
0day.today
0day.today
added 2020/03/06 12:0 a.m.391 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...

10CVSS0.4AI score0.889EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.30 views

Ubuntu 18.04 LTS : OpenSMTPD vulnerabilities (USN-4294-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4294-1 advisory. It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell...

10CVSS7.9AI score0.889EPSS
Exploits14References3
Packet Storm
Packet Storm
added 2020/03/05 12:0 a.m.119 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS0.4AI score0.889EPSS
Exploits10
Metasploit
Metasploit
added 2020/03/03 11:41 p.m.59 views

OpenSMTPD OOB Read Local Privilege Escalation

This module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS0.5AI score0.889EPSS
Exploits10
ArchLinux
ArchLinux
added 2020/02/29 12:0 a.m.35 views

[ASA-202002-13] opensmtpd: arbitrary command execution

Arch Linux Security Advisory ASA-202002-13 ========================================== Severity: Critical Date : 2020-02-29 CVE-ID : CVE-2020-8794 Package : opensmtpd Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1105 Summary ======= The package opensmtp...

10CVSS2.5AI score0.889EPSS
Exploits10References3
Tenable Nessus
Tenable Nessus
added 2020/02/27 12:0 a.m.29 views

Debian DSA-4634-1 : opensmtpd - security update

Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

10CVSS8.9AI score0.889EPSS
Exploits10References4
Debian
Debian
added 2020/02/26 9:34 p.m.76 views

[SECURITY] [DSA 4634-1] opensmtpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4634-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 26, 2020 https://www.debian.org/security/faq -...

10CVSS9.5AI score0.889EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/02/26 12:0 a.m.181 views

OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution

/ LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

10CVSS9.6AI score0.889EPSS
Exploits10
exploitpack
exploitpack
added 2020/02/26 12:0 a.m.113 views

OpenSMTPD 6.6.3p1 - Local Privilege Escalation + Remote Code Execution

OpenSMTPD 6.6.3p1 - Local Privilege Escalation + Remote Code Execution / LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by...

10CVSS0.5AI score0.889EPSS
Exploits10
0day.today
0day.today
added 2020/02/26 12:0 a.m.843 views

OpenSMTPD < 6.6.3p1 - Local Privilege Escalation / Remote Code Execution Exploit

/ LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

10CVSS0.4AI score0.889EPSS
Exploits10
OSV
OSV
added 2020/02/25 5:15 p.m.21 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

9.8CVSS9.6AI score
Exploits0References11
UbuntuCve
UbuntuCve
added 2020/02/25 5:15 p.m.27 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS7.9AI score0.889EPSS
Exploits10References3
CVE
CVE
added 2020/02/25 4:38 p.m.353 views

CVE-2020-8794

OpenSMTPD (vulnerable in 6.6.3p1 and earlier; fixed in 6.6.4p1/6.6.4) is affected by an out-of-bounds read in mta_io/mta_session.c when handling multi-line replies, enabling remote code execution. The issue primarily arises in the client-side code but can be triggered through server bounce handli...

10CVSS9.4AI score0.889EPSS
In wildExploits10References11Affected Software1
Debian CVE
Debian CVE
added 2020/02/25 4:38 p.m.28 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS9.7AI score0.889EPSS
Exploits10
The Hacker News
The Hacker News
added 2020/02/25 10:54 a.m.69 views

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfe...

10CVSS1.5AI score0.889EPSS
Exploits10
Rows per page
Query Builder