11 matches found
EUVD-2002-1369
Malware in sbrugna...
EUVD-2004-2449
Malware in sbrugna...
EUVD-2005-1438
Malware in sbrugna...
Open WebMail userstat.pl Arbitrary Command Execution
The target is running at least one instance of Open WebMail in which the userstat.pl component fails to sufficiently validate user input. This failure enables remote attackers to execute arbitrary programs on the target using the privileges under which the web server operates. For further...
CVE-2002-1385
openwebmailinit in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. dot dot sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be...
Open WebMail vacation.pl Arbitrary Command Execution
The target is running at least one instance of Open WebMail in which the vacation.pl component fails to sufficiently validate user input. This failure enables remote attackers to execute arbitrary programs on a target using the privileges under which the web server operates. For further...
[Full-Disclosure] CSA-200402-1: Previous Open Webmail vulnerability is exploitable
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cycom AB Security Advisory CSA-200402-1 www.cycom.se Advisory: Previous Open Webmail vulnerability is exploitable Date: Sat Feb 21 15:18:21 CET 2004, updated: Thu May 6 10:37:29 CEST 2004 Application: Open Webmail 2.20, 2.21 and 2.30 and -current...
Open WebMail 1.x/2.x - Remote Command Execution Variant
source: https://www.securityfocus.com/bid/10316/info A vulnerability has been reported in Open WebMail that allows a remote attacker to execute arbitrary commands on a vulnerable host. The problem is due to insufficient sanitization of shell metacharacters that are passed to the vulnerable softwa...
Open WebMail 1.x2.x - Remote Command Execution Variant
Open WebMail 1.x2.x - Remote Command Execution Variant source: https://www.securityfocus.com/bid/10316/info A vulnerability has been reported in Open WebMail that allows a remote attacker to execute arbitrary commands on a vulnerable host. The problem is due to insufficient sanitization of shell...
CVE-2002-1385
openwebmailinit in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. dot dot sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be...
Open WebMail 1.71 "background" magic info
Hello Folks, Open Webmail is a perl webmail program that runs on UNIX operational systems. For more about Open WebMail, its official website is http://openwebmail.org/. Ok, lets talk about the problem. Ive tested Open WebMail 1.71 an when you enter an invalid username user that doesnt exist on th...