
Hastymail 'rs' and 'rsargs[]' Parameters Remote Code Injection Vulnerabilities

http://www.securityfocus.com/bid/50791

Security Info

Bugtraq ID: 50791
Class: Input Validation Error
CVE: CVE-2011-4542
Remote: Yes
Local: No
Published: Nov 23 2011 12:00AM
Updated: Jul 12 2012 04:30PM
Credit: BTeixeira
Vulnerable:
Not Vulnerable:

Security Discussion

Hastymail is prone to multiple remote code-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to inject and execute arbitrary malicious code with the privileges of the user running the application.

Hastymail 2.1.1 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

An attacker can exploit this issue through a browser.

The following exploit code is available:

Security Solution(s)

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Reference(s)

References:

Site Updated May 25, 2013
©2000-2013 Emagined Security
All Rights Reserved