Page 4 of 35 results (0.004 seconds)

CVSS: 9.8EPSS: 3%CPEs: 51EXPL: 0

04 Sep 2014 — The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. La función dmarc_process en dmarc.c en Exim anterior a 4.82.1, cuando EXPERIMENTAL_DMARC está habilitado, permite a atacantes remotos ejecutar código arbitrario a través de la cabecera Desde en un email, lo cual es pasado a la función expand_string. • http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0

04 Sep 2014 — expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. expand.c en Exim anterior a 4.83 expande las comparaciones matemáticas dos veces, lo que permite a usuarios locales ganar privilegios y ejecutar comandos arbitrarios a través de un valor lookup maniulado. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the per... • http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44 • CWE-189: Numeric Errors •

CVSS: 9.8EPSS: 64%CPEs: 9EXPL: 0

31 Oct 2012 — Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server. Desbordamiento de búfer basado en memoria dinámica en la función dkim_exim_query_dns_txt en dkim.c en Exim v4.70 hasta v4.80, cuando el soporte DKIM está habilitado y acl_smtp_connect y acl_smtp_... • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 9%CPEs: 70EXPL: 0

05 Oct 2011 — Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. Vulnerabilidad de formato de cadena en la función dkim_exim_verify_finish de src/dkim.c de Exim en versiones anteriores a 4.76. Puede permitir a atacantes remotos ejecutar código ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 9.8EPSS: 5%CPEs: 6EXPL: 0

16 May 2011 — The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity. La implementación de DKIM en Exim v4.7x con anterioridad a v4.76 permite la comparación de las identidades DKIM para aplicar a las operaciones de búsqueda artículos, en lugar de sólo cadenas, que permite a atacantes remotos ejecutar código arbitrario o acceso a un sistema... • http://www.debian.org/security/2011/dsa-2236 • CWE-20: Improper Input Validation •