JamMail ‘Jammail.pl’ 远程任意指令执行漏洞

23次阅读
没有评论

JamMail ‘Jammail.pl’ 远程任意指令执行漏洞

漏洞ID 1108856 漏洞类型 输入验证
发布时间 2005-06-12 更新时间 2005-10-20
JamMail 'Jammail.pl' 远程任意指令执行漏洞CVE编号 CVE-2005-1959
JamMail 'Jammail.pl' 远程任意指令执行漏洞CNNVD-ID CNNVD-200506-104
漏洞平台 CGI CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25817
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-104
|漏洞详情
jamchenJamMail1.8的jammail.pl允许远程攻击者借助mail参数中的shell元字符执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/13937/info

JamMail is prone to a remote arbitrary command execution vulnerability.

This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script.

This can lead to various attacks including unauthorized access to an affected computer.

JamMail 1.8 is affected by this issue. 

http://www.example.com/cgi-bin/jammail.pl?job=showoldmail&mail=|command|
|参考资料

来源:SECTRACK
名称:1014175
链接:http://securitytracker.com/id?1014175
来源:BID
名称:13937
链接:http://www.securityfocus.com/bid/13937

相关推荐: Tru64 SU程序本地缓冲区溢出漏洞

Tru64 SU程序本地缓冲区溢出漏洞 漏洞ID 1204076 漏洞类型 边界条件错误 发布时间 2002-07-19 更新时间 2005-05-02 CVE编号 CVE-2002-0816 CNNVD-ID CNNVD-200208-061 漏洞平台 N/…

正文完
 0