30 matches found
EUVD-2006-5298
Malware in sbrugna...
EUVD-2006-5247
Malware in sbrugna...
Hastymail2 call_user_func_array() Command Injection (CVE-2011-4542)
A command injection vulnerability exists in Hastymail 2.1.1. The vulnerability is due to improper sanitization of special elements used in a request to the server. A remote attacker can exploit this vulnerability by sending malicious HTTP requests to the target server...
Hastymail 2.1.1 RC1 Command Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Hastymail 1.x IMAP SMTP Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20424/info Hastymail is prone to an IMAP / SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An authenticated malicious user could execute arbitrary IMAP / SMTP commands o...
Hastymail 2.1.1 RC1 Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Hastymail 2.1.1 R...
Hastymail 2.1.1 RC1 - Command Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Hastymail 2.1.1 R...
Hastymail 2.1.1 RC1 Command Injection
This module exploits a command injection vulnerability found in Hastymail 2.1.1 RC1 due to the insecure usage of the call_user_func_array function on the "lib/ajaxfunctions.php" script. Authentication is required on Hastymail in order to exploit the vulnerability. The module has been successfully...
Hastymail rs parameter command injection
Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...
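Hastymail "rs" and "rsargs[]" Parameter Remote Code Injection Vulnerability
BUGTRAQ ID: 50794 CVE ID: CVE-2011-4542 Hastymail is a fast, secure, RFC-compliant, cross-platform IMAP/SMTP client application written in PHP. Hastymail's implementation has an input validation vulnerability: the tampered $_POST['rs'] and $_POST['rsargs'] input parameters are not properly checked and filtered, and attackers can exploit these vulnerabilities to inject and execute arbitrary code, causing the web server to execute arbitrary PHP code, disclose sensitive information, or delete arbitrary files. Hastymail Vendor patch: Hastymail --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...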
CVE-2004-2704
Hastymail 1.0.1 and earlier stable and 1.1 and earlier development does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-si...
CVE-2004-2704
HastyMail (PHP-based mail client) does not send the attachment parameter in the Content-Disposition header for attachments in versions ≤1.0.1 (stable) and ≤1.1 (development). This causes attachments to render inline in Internet Explorer when the download link is clicked, facilitating cross-site s...
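Hastymail IMAP SMTP Command Injection Vulnerability
Hastymail IMAP is an IMAP protocol client written in PHP. Hastymail IMAP does not sufficiently filter user-submitted URI input, and a remote attacker can exploit the vulnerability to execute additional SMTP commands. Because commands and messages are not validated, a malicious user can inject arbitrary IMAP/SMTP commands into the mail server, which can allow access that bypasses restrictions. Hastymail Hastymail 1.5 Hastymail Hastymail 1.2 Hastymail Hastymail 1.1 Hastymail Hastymail 1.0.2 Hastymail Hastymail 1.0.1 Upgrade: Hastymail Hastymail...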
ISAA-2006-011.txt
============================================= INTERNET SECURITY AUDITORS ALERT 2006-011 - Original release date: September 28, 2006 - Last revised: December 1, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 ============================================= I. VULNERABILITY...
[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail
============================================= INTERNET SECURITY AUDITORS ALERT 2006-011 - Original release date: September 28, 2006 - Last revised: December 1, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 ============================================= I. VULNERABILITY...
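Hastymail IMAP/SMTP Remote Command Injection Vulnerability
Hastymail is a fast, secure, RFC-compliant, cross-platform IMAP/SMTP client application written in PHP. Hastymail has an input validation vulnerability when processing user requests, which a remote attacker may exploit to execute arbitrary commands on the server. A user with a valid Hastymail account can send commands directly to the IMAP or SMTP server by embedding a "command termination" sequence in Hastymail variables. This allows a remote attacker to bypass security restrictions and attempt to attack the IMAP or SMTP service. Hastymail Hastymail 1.5 Hastymail Hastymail 1.0.2 The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...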
CVE-2006-5313
Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtpmessage parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct...