Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2010-1132

Published: 27/03/2010 Updated: 17/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Georg Greve

Vulnerability Summary

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote malicious users to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

Vulnerable Product Search on Vulmon Subscribe to Product

georg greve spamassassin milter plugin 0.3.1

Exploits

Exploit DB: Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution
Description: The Spamassassin Milter plugin suffers from a remote root command execution vulnerability Full exploit details provided Author: Kingcope Spamassassin Milter Plugin Remote Root Zeroday (BTW zerodays lurk in the shadows not HERE) aka the postfix_joker advisory Logic fuckup? March 07 2010 // if you read this 10 years later you are de ...

References

CWE-78http://www.securitytracker.com/id?1023691http://www.vupen.com/english/advisories/2010/0683http://www.exploit-db.com/exploits/11662http://osvdb.org/62809http://www.debian.org/security/2010/dsa-2021http://www.vupen.com/english/advisories/2010/0559http://www.securityfocus.com/bid/38578http://secunia.com/advisories/38840http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.htmlhttp://secunia.com/advisories/38956https://savannah.nongnu.org/bugs/?29136http://www.vupen.com/english/advisories/2010/0837http://secunia.com/advisories/39265https://bugzilla.redhat.com/show_bug.cgi?id=572117http://bugs.debian.org/573228http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/56732https://nvd.nist.govhttps://www.exploit-db.com/exploits/11662/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook