4 matches found
CVE-2013-4987
CVE-2013-4987 affects PineApp Mail-SeCure pre-3.70. It is a local privilege escalation via an access-control failure: a non-privileged user can obtain a root shell by sending a crafted command in the Mail-SeCure console (example: pa_cli system ping /bin/sh). Root access is achieved locally; all v...
CVE-2013-6829
CVE-2013-6829 describes a remote command injection in PineApp Mail-SeCure via the admin/confnetworking.html interface. The vulnerability allows an attacker to append shell metacharacters in the pinghost parameter during a ping operation, leading to arbitrary command execution on the remote host. ...
CVE-2013-6828
CVE-2013-6828: The connected sources confirm a remote authentication-bypass vulnerability in PineApp Mail-SeCure, where accessing the admin/management.html page allows bypassing authentication and performing a sys_usermng operation via the it parameter. Affected component: admin interface of Pin...
CVE-2013-6827
CVE-2013-6827 affects PineApp Mail-SeCure appliances, with an absolute path traversal in the admin/viewmsg.php endpoint. The vulnerability allows an attacker to read arbitrary files by supplying a full pathname in the msg parameter. The issue is confirmed by multiple feeds in the connected docume...