CVE-2006-0757

Published: 18/02/2006 Updated: 20/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple eval injection vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

Vulnerable Product

hivemail hivemail 1.2_sp1

hivemail hivemail 1.3

hivemail hivemail 1.1

hivemail hivemail 1.1.1

hivemail hivemail 1.3_beta1

hivemail hivemail 1.3_rc1

hivemail hivemail 1.2.1_rc

hivemail hivemail 1.2.2

hivemail hivemail 1.2

hivemail hivemail 1.2.1_beta1

Exploits

source: www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that may allow user-supplied PHP code to be evaluated by ...
#!/usr/bin/perl # HiveMail <= 1.3 remote command execution exploit # ...