MidnightBSD

Advisories for omail

CVE-2003-1202 HIGH

The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
omail omail_webmail 0.97.3
omail omail_webmail 0.98.4
CVE-2004-1993 HIGH

The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
omail omail_webmail 0.97.3
omail omail_webmail 0.98.3
omail omail_webmail 0.98.5