sendmail software vulnerabilities
vulnerabilities.aspcode.net
Searching sendmail software vulnerabilities
Buffer overflow in SMTP HELO command in Sendmai
activities
|
Sendmail
|
attacker
|
overflow
|
command
|
remote
|
Buffer
|
allows
|
HELO
|
hide
|
SMTP
|
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
In older versions of Sendmail, an attacker coul
character
|
attacker
|
commands
|
versions
|
Sendmail
|
execute
|
older
|
could
|
root
|
pipe
|
use
|
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
Denial of service in SMTP applications such as
applications
|
Sendmail
|
attacker
|
service
|
remote
|
Denial
|
SMTP
|
such
|
Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection.
A Sendmail alias allows input to be piped to a
Sendmail
|
program
|
allows
|
alias
|
piped
|
input
|
A Sendmail alias allows input to be piped to a program.
Denial of service in Sendmail 8.8.6 in HPUX.
Sendmail
|
service
|
Denial
|
Denial of service in Sendmail 8.8.6 in HPUX.
Vulnerability in SMI Sendmail 4.0 and earlier,
Vulnerability
|
Sendmail
|
earlier
|
SunOS
|
SMI
|
Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.
SunOS sendmail 5.59 through 5.65 uses popen to
sendmail
|
SunOS
|
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
Multiple unspecified vulnerabilities in sendmai
vulnerabilities
|
unspecified
|
installed
|
sendmail
|
Multiple
|
413_U1
|
SunOS
|
Sun
|
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
sendmail 8.9.3, as included with the MMDF 2.43.
sendmail
|
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
Sendmail before 8.12.1, without the RestrictQue
Sendmail
|
before
|
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
Sendmail before 8.12.1, without the RestrictQue
Sendmail
|
before
|
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
Sendmail Consortium's Restricted Shell (SMRSH)
Consortium's
|
Restricted
|
Sendmail
|
Shell
|
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
compose.cgi in Mailreader.com 2.3.30 and 2.3.31
Mailreadercom
|
composecgi
|
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
IBM AIX 5.2 and earlier distributes Sendmail wi
configuration
|
distributes
|
Sendmail
|
earlier
|
file
|
IBM
|
AIX
|
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
The DNS map code in Sendmail 8.12.8 and earlier
Sendmail
|
code
|
DNS
|
map
|
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
The prescan function in Sendmail 8.12.9 allows
Sendmail
|
function
|
prescan
|
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Sendmail before 8.12.3 on Debian GNU/Linux, whe
Sendmail
|
before
|
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
Stack-based buffer overflow in sendmail in XMai
Stack-based
|
sendmail
|
overflow
|
before
|
buffer
|
XMail
|
Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.
Sendmail before 8.13.7 allows remote attackers
Sendmail
|
before
|
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
PHPMailer 1.7, when configured to use sendmail,
classphpmailerphp
|
metacharacters
|
SendmailSend
|
configured
|
attackers
|
PHPMailer
|
arbitrary
|
commands
|
sendmail
|
function
|
execute
|
remote
|
allows
|
shell
|
use
|
via
|
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Software vulnerabilities results 1 to 20 of 45
Page:
1
2
3
►