OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution', 'Description' = %q This module exploits a command injection in the MAIL FROM field during SMTP...

QIWI: [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/

An XML external entities injection vulnerability exists on the soap server hosted on send.qiwi.ru. The attack allows an attacker to open local files although perhaps not return the data, see below, leading at best to a DoS. Often this attack can be used to extract files from the server such as...