- Home
-
Vulnerability & Exploit Database
Vulnerability & Exploit Database
- Severity: 9
- Published: November 25, 2018
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS co...
- Severity: 9
- Published: November 25, 2018
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS co...
- Severity: 9
- Published: November 25, 2018
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS co...
Disclosed: October 23, 2018
The imap_open function within php, if called without the /norsh flag, will attempt to preauthenticate an
IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand
option can be passed from imap_open to execute arbitrary commands.
While many custom applications may use i...
- Severity: 1
- Published: June 10, 2014
This is a placeholder for all CVEs that are not relevant for one reason
or another on Red Hat Enterprise Linux 7. Oftentimes Red Hat makes this
determination because the affected software was shipped, built or
configured in a manner that it made it invulnerable to a given
vulnerability.