| Vulnerability Name: | CVE-2005-1435 (CCN-20356) | ||||||||
| Assigned: | 2005-05-02 | ||||||||
| Published: | 2005-05-02 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-1435 Source: CCN Type: Open WebMail Download Web page Index of /openwebmail/download Source: CCN Type: SA15225 Open WebMail Shell Command Injection Vulnerability Source: SECUNIA Type: Vendor Advisory 15225 Source: CCN Type: SECTRACK ID: 1013859 Open WebMail Input Validation Hole Prior to open() Call Lets Remote Users Execute Arbitrary Commands Source: SECTRACK Type: Patch 1013859 Source: CONFIRM Type: Patch http://sourceforge.net/forum/message.php?msg_id=3128678 Source: CCN Type: OSVDB ID: 16304 Open WebMail (OWM) Shell Escape Arbitrary Command Execution Source: CCN Type: BID-13472 Open WebMail Remote Arbitrary Shell Command Execution Vulnerability Source: XF Type: UNKNOWN open-webmail-open-command-execution(20356) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||