270 matches found
Modoboa < 2.1.0 - Improper Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. id: CVE-2023-2227 info: name: Modoboa 2.1.0 - Improper Authorization author: ritikchaddha,princechaddha severity: critical description: | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. impact:...
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...
CVE-2026-27602
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-27602
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-27602
Modoboa contains an OS command injection vulnerability (CWE-like) due to exec_cmd paths using subprocess with shell=True and unsanitized domain/input values. In modoboa/lib/sysutils.py and related sinks (DKIM domain handling, mailbox rename, sa-learn, doveadm, rrdtool, webmail operations), domain...
CVE-2026-27602
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
modoboa-automua (=1.0.0), modoboa-contacts (>=0.8.0 <=0.9.3) +1 more potentially affected by CVE-2026-27602 via modoboa (>=1.17.0 <=2.3.6)
modoboa PYPI version =1.17.0, =0.8.0, =1.4.0, =1.6.3 Source cves: CVE-2026-27602 Source advisory: OSV:GHSA-WWV8-CQPR-VX3M...
modoboa-contacts (>=0.8.0 <=0.9.3), modoboa-radicale (>=1.4.0 <=1.6.3) potentially affected by CVE-2026-27602 via modoboa (=2.3.6)
modoboa PYPI version =2.3.6 is affected by a known vulnerability. The following packages have a transitive dependency on modoboa and may be impacted: - modoboa-contacts =0.8.0, =1.4.0, =1.6.3 Source cves: CVE-2026-27602 Source advisory: SNYK:PYTHON-MODOBOA-15766702...
Modoboa has OS Command Injection
Summary execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server...
EUVD-2026-15951
Modoboa has OS Command Injection...
Command Injection
Overview modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Command Injection via the execcmd function. An attacker who has Reseller or SuperAdmin privileges can execute arbitrary operating system commands by supplying specially crafted input, such as domain...
GHSA-WWV8-CQPR-VX3M Modoboa has OS Command Injection
Summary execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server...
Modoboa 操作系统命令注入漏洞
Modoboa is a mail hosting and management platform developed by the Modoboa team. Versions of Modoboa prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the execcmd function always running child processes with shell=True, and it...
PT-2026-28089
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, exec cmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell...
EUVD-2019-0087
Malware in sbrugna...
EUVD-2023-0166
Malicious code in bioql PyPI...
EUVD-2023-0174
Malicious code in bioql PyPI...