8 matches found
EUVD-2017-0220
Malware in sbrugna...
SUSE CVE-2011-0739
The deliver function in the sendmail delivery agent lib/mail/network/delivery_methods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...
GHSA-CPJC-P7FC-J9XH Mail Improper Input Validation vulnerability
The deliver function in the sendmail delivery agent lib/mail/network/delivery_methods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...
CVE-2015-9097
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...
rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery...
CVE-2012-2140
The CVE-2012-2140 entry concerns the rubygem-mail package for Ruby, versions prior to 2.4.3. The vulnerability arises in the mail gem’s Exim/Sendmail delivery paths, where improper input handling allows a remote attacker to execute arbitrary commands via shell metacharacters. Public documentation i...
CVE-2011-0739
The deliver function in the sendmail delivery agent lib/mail/network/delivery_methods/sendmail.rb in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...
CVE-2011-0739
CVE-2011-0739 affects the Ruby Mail gem (2.2.14 and earlier). The root cause is the deliver() path in the sendmail delivery method (lib/mail/network/delivery_methods/sendmail.rb), where shell metacharacters in an e-mail address can be injected to execute arbitrary commands. Public references conf...