20 matches found
EUVD-1999-0145
Malware in sbrugna...
EUVD-1999-0057
Malware in sbrugna...
EUVD-2023-42015
Malicious code in bioql PyPI...
CVE-2023-38193
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line...
CVE-2023-38193
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line...
PT-2023-26329 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue in SuperWebMailer allows Remote Code Execution via a crafted sendmail command line. Recommendations: For SuperWebMailer version 9.00.0.01710, consider restricting access to the sendmai...
SuperWebMailer Command Injection Vulnerability
SuperWebMailer is web-based PHP newsletter software for newsletter recipient management and for sending HTML newsletters and birthday emails. SuperWebMailer version 9.00.0.01710 contains a Remote Code Execution (RCE) vulnerability. An attacker can...
CodeIgniter arbitrary code execution
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
Code injection
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
openSUSE Security Update : roundcubemail (openSUSE-2016-1533)
This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A malicious...
PHPMailer Bug Leaves Millions of Websites Open to Attack
UPDATE A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack. The flaw was disclosed by researcher Dawid Golunski of Legal Hackers, who said t...
openSUSE Security Update : roundcubemail (openSUSE-2016-1419)
roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scriptin...
openSUSE Security Update : roundcubemail (openSUSE-2016-1418)
This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A malicious...
Security update for roundcubemail (important)
roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 A maliciously crafted email could cause untrusted code to be executed cross site scripting usi...
HPLIP hpssd.py From Address Arbitrary Command Execution
This module exploits a command execution vulnerability in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This module was written and tested using the Fedora 6 Linux distribution. On the test system...
Debian DSA-168-1 : php - bypassing safe_mode, CRLF injection
Wojciech Purczynski found out that it is possible for scripts to pass arbitrary text to sendmail as commandline extension when sending a mail through PHP even when safemode is turned on. Passing 5th argument should be disabled if PHP is configured in safemode, which is the case for newer PHP...
Caldera OpenLinux 2.2 / Debian 2.1/2.2 / RedHat 6.0 - Vixie Cron MAILTO Sendmail
Caldera OpenLinux 2.2, Debian Linux 2.1/2.2, RedHat Linux = 6.0 Vixie Cron MAILTO Sendmail Vulnerability. Source: https://www.securityfocus.com/bid/611/info Failure by the vixie cron daemon to validate the contents of a...
Caldera OpenLinux 2.2 / Debian 2.1/2.2 / RedHat 6.0 - Vixie Cron MAILTO Sendmail
Caldera OpenLinux 2.2, Debian Linux 2.1/2.2, RedHat Linux = 6.0 Vixie Cron MAILTO Sendmail Vulnerability. Source: https://www.securityfocus.com/bid/611/info Failure by the vixie cron daemon to validate the contents of a user supplied environment variable allows a malicious user to pass arbitrar...
CVE-1999-0057
Vacation program allows command execution by remote users through a sendmail command...