CVE-2018-19518

Published: 25/11/2018 Updated: 07/11/2023
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 758
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote malicious users to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
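The summary's precondition is that the IMAP server name is untrusted input. The following is an added example, not code from this page or from the PHP project, of building the `imap_open()` mailbox string from a validated host; the function name `build_imap_mailbox` and the allow-list policy are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Build an imap_open() mailbox string from a user-supplied host and port,
 * or return null when the host could carry extra arguments or flags.
 * Hypothetical helper: name and policy are assumptions of this example.
 */
function build_imap_mailbox(string $host, int $port = 993): ?string
{
    // Allow only DNS hostnames / IPv4 literals: labels made of letters,
    // digits and inner hyphens. This excludes whitespace, a leading '-'
    // (option-like values such as "-oProxyCommand=..."), and the '{', '}'
    // and '/' characters that have meaning in c-client mailbox syntax.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $pattern = '/\A' . $label . '(?:\.' . $label . ')*\z/';
    if (strlen($host) > 253 || preg_match($pattern, $host) !== 1) {
        return null;
    }
    if ($port < 1 || $port > 65535) {
        return null;
    }
    // Only host and port are user-controlled; protocol flags and folder are fixed.
    return sprintf('{%s:%d/imap/ssl}INBOX', $host, $port);
}

// Constructed sample inputs: two legitimate hosts, four that must be rejected.
$samples = [
    'mail.example.org',
    '192.0.2.10',
    '-oProxyCommand=placeholder',
    'mail.example.org -oProxyCommand=placeholder',
    'mail.example.org/novalidate-cert',
    "mail.example.org\n",
];

foreach ($samples as $host) {
    $mailbox = build_imap_mailbox($host);
    printf("%-50s => %s\n", json_encode($host), $mailbox ?? 'REJECTED');
}

// Defence in depth, independent of input validation (php.ini):
//   imap.enable_insecure_rsh = 0
```

Validation narrows what reaches c-client; keeping `imap.enable_insecure_rsh` disabled prevents the rsh/ssh pre-authentication path from being used at all.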

Vulnerable Product

php php

debian debian linux 8.0

debian debian linux 9.0

uw-imap project uw-imap 2007f

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #913775 php7.3-imap: CVE-2018-19518: imap_open() function command injection. Package: php7.3-imap; Maintainer for php7.3-imap is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Source for php7.3-imap is src:php7.3. Reported by: rhns <vulns@rhns.eu> Date: Thu, 15 ...
UW IMAP could be made to execute programs if it received specially crafted input ...
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed in ...
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function (CVE-2018-19935). University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launch ...
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if t ...

Github Repositories

Dorks for Google, Shodan and BinaryEdge

Dorks are cool. Dorks for Google, Shodan and BinaryEdge. Only for use on bug bounty programs or in coordination with a legal security assessment. I am in no way responsible for the usage of these search queries. Be responsible, thanks - www.bugcrowd.com/resource/what-is-responsible-disclosure/ This repository is "under construction", feel free to make pull requests.

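CVE-2018-19518 Disclaimer: This program should be used only for authorized security testing and research purposes; users are asked to use it appropriately and in compliance with the Cybersecurity Law. Any illegal attack or other unlawful act committed by a user of this tool has nothing to do with the author. Usage: python CVE-2018-19518.py target-ip target-port shell-ip shell-port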

some works on CVE-2018-19518

CVE-2018-19518. Last report here: gitlab.com/ensimag-security/CVE-2018-19518/-/jobs/artifacts/master/raw/rapport.pdf?job=PDF Usage: run app: docker-compose up -d. Example normal usage for the web app: imap: webmail.grenoble-inp.org, user: prenom.nom@grenoble-inp.org, password: xxx. Exploit using echo '1234567890'>

How to do recon on a web-application properly

Information Gathering [ Reloaded ]. Information Gathering & Scanning for sensitive information. Whois Lookup: to check other websites registered by the registrant of the site (reverse check on the registrant, email address, and telephone), and in-depth investigation of the sites found: whois target.tld. Website Ip: For collecting Ser