Summary
PineApp Mail-SeCure is prone to a remote command-injection vulnerability.
Impact
Successful exploits will result in the execution of arbitrary commands with root privileges in the context of the affected appliance.
Impact Level: Application
Solution
Ask the vendor for an update.
Insight
The flaws are in the input sanitization of the livelog.html component. They allow arbitrary commands to be injected into the Mail-SeCure server.
Detection
Send a crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Alchemy Eye HTTP Command Execution
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution