Lucene search
K

256 matches found

OSV
OSV
added 2020/01/29 4:15 p.m.21 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

9.8CVSS9.6AI score0.98946EPSS
Exploits27References15
NVD
NVD
added 2020/01/29 4:15 p.m.25 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

10CVSS9.7AI score0.98946EPSS
Exploits27References15
OSV
OSV
added 2020/01/29 4:15 p.m.2 views

ALPINE-CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

9.8CVSS7.7AI score0.98946EPSS
Exploits27References1
OSV
OSV
added 2020/01/29 4:15 p.m.1 views

DEBIAN-CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

9.8CVSS9AI score0.98946EPSS
Exploits27References1
UbuntuCve
UbuntuCve
added 2020/01/29 4:15 p.m.22 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

10CVSS7.5AI score0.98946EPSS
Exploits27References14
Prion
Prion
added 2020/01/29 4:15 p.m.24 views

Input validation

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

10CVSS9.5AI score0.98946EPSS
Exploits27References14Affected Software4
Vulnrichment
Vulnrichment
added 2020/01/29 3:53 p.m.7 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

9.7AI score0.98946EPSS
Exploits27References14
Cvelist
Cvelist
added 2020/01/29 3:53 p.m.38 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

9.6AI score0.98946EPSS
Exploits27References14
CVE
CVE
added 2020/01/29 3:53 p.m.1224 views

CVE-2020-7247

CVE-2020-7247 affects OpenSMTPD 6.6 (OpenBSD 6.6 and others). The smtp_mailaddr() check in smtp_session.c can pass malformed local-parts with an empty domain, due to an incorrect return value on input validation, enabling remote root code execution via a crafted SMTP session (MAIL FROM) on the de...

10CVSS9.5AI score0.98946EPSS
In wildExploits27References15Affected Software1
Debian CVE
Debian CVE
added 2020/01/29 3:53 p.m.34 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

10CVSS9.7AI score0.98946EPSS
Exploits27
AlpineLinux
AlpineLinux
added 2020/01/29 3:53 p.m.45 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

10CVSS9.8AI score0.98946EPSS
Exploits27
Metasploit
Metasploit
added 2020/01/29 11:10 a.m.95 views

OpenSMTPD MAIL FROM Remote Code Execution

This module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute a command as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

9.8CVSS0.5AI score0.98946EPSS
Exploits27
0day.today
0day.today
added 2020/01/29 12:0 a.m.183 views

OpenBSD OpenSMTPD Privilege Escalation / Code Execution Vulnerabilities

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 commit a8e222352f, "switch smtpd to new grammar" and allows an attacker to execute arbitrary shell commands, as root. OpenBSD OpenSMTPD Privilege Escalation / Code Execution...

10CVSS1AI score0.98946EPSS
Exploits27
Positive Technologies
Positive Technologies
added 2020/01/29 12:0 a.m.5 views

PT-2020-1569 · Openbsd +1 · Opensmtpd +1

Name of the Vulnerable Software and Affected Versions: OpenSMTPD versions 6.6 Description: The issue is related to the smtp mailaddr function in the smtp session.c file of the OpenSMTPD mail daemon, which is used in OpenBSD and other products. It allows remote attackers to execute arbitrary...

10CVSS8.3AI score0.98946EPSS
Exploits41References76
Packet Storm
Packet Storm
added 2020/01/29 12:0 a.m.229 views

OpenBSD OpenSMTPD Privilege Escalation / Code Execution

Qualys Security Advisory LPE and RCE in OpenSMTPD CVE-2020-7247 ============================================================================== Contents ============================================================================== Summary Analysis Exploitation Acknowledgments...

0.8AI score0.98946EPSS
Exploits27
ATTACKERKB
ATTACKERKB
added 2020/01/29 12:0 a.m.32 views

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the “uncommented” default configuration...

10CVSS9.6AI score0.98946EPSS
In wildExploits27References20
OSV
OSV
added 2020/01/29 12:0 a.m.28 views

DSA-4611-1 opensmtpd - security update

Bulletin has no description...

10CVSS9.4AI score0.98946EPSS
Exploits27
ArchLinux
ArchLinux
added 2020/01/29 12:0 a.m.30 views

[ASA-202001-6] opensmtpd: arbitrary command execution

Arch Linux Security Advisory ASA-202001-6 ========================================= Severity: Critical Date : 2020-01-29 CVE-ID : CVE-2020-7247 Package : opensmtpd Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1090 Summary ======= The package opensmtpd...

10CVSS2.8AI score0.98946EPSS
Exploits27References5
FreeBSD
FreeBSD
added 2020/01/28 12:0 a.m.40 views

OpenSMTPd -- critical LPE / RCE vulnerability

OpenSMTPD developers report: An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user...

10CVSS7AI score0.98946EPSS
Exploits27References1
NVD
NVD
added 2017/10/16 6:29 p.m.18 views

CVE-2015-7687

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service crash or execute arbitrary code via vectors involving reqcavrfysmtp and reqcavrfymta...

9.8CVSS9.6AI score0.04094EPSS
Exploits1References7
Rows per page
Query Builder