2 matches found
CVE-2014-1203
The getloginipconfigfile function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php...
Eyou Mail System Remote Code Execution
Hi! The Eyou Mail System have a Remote Code Execution in \inc\fuction.php.It affects version below 3.6. The Vulnerability fuction is getloginipconfigfile in \inc\fuction.php. function getloginipconfigfile$domain, $file $dir = '/var/eyou/Domain/'; $dirmail = exec'/var/eyou/sbin/hashid '.$domain;...