PineApp Mail-SeCure 'livelog.html' Remote Command Injection Vulnerability Network Vulnerability

Summary

PineApp Mail-SeCure is prone to a remote command-injection vulnerability.

Impact

Successful exploits will result in the execution of arbitrary commands with root privileges in the context of the affected appliance. Impact Level: Application

Solution

Ask the Vendor for an update.

Insight

The specific flaws exist with input sanitization in the livelog.html component. These flaws allow for the injection of arbitrary commands to the Mail-SeCure server.

Detection

Send a crafted HTTP GET request and check the response.

References

http://www.securityfocus.com/bid/61473

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe ColdFusion Directory Traversal Vulnerability
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
Advantech WebAccess Multiple Vulnerabilities
ApPHP MicroBlog Remote Code Execution Vulnerability
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Take action and discover your vulnerabilities