Qmail SMTP Bash Environment Variable Injection (Shellshock)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Qmail SMTP Bash Environment Variable Injection Shellshock', 'Description' = %q This module exploits a shellshock vulnerability on Qmail, a public...

Apache Tomcat SendMailServlet sendmail.jsp 'mailfrom' Parameter XSS

The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in the 'examples/SendMailServlet' servlet. An unauthenticated remote attacker can exploit this issue to inject arbitrary HTML or script code into a user...

horde-imp.txt

Hi, this bug we discovered recently. HORDE 1.2.0 $from-bug and how to exploit with IMP 2.2.0 Disclaimer: This is intended as a paper for sysadmins who want to secure their systems. It is NOT a how to for scriptkiddies to run any attack on a IMP-using site. The authors of this text will not be hel...