The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_webmail | Open_webmail | 1.7 (including) | 1.7 (including) |
Open_webmail | Open_webmail | 1.8 (including) | 1.8 (including) |
Open_webmail | Open_webmail | 1.71 (including) | 1.71 (including) |
Open_webmail | Open_webmail | 1.81 (including) | 1.81 (including) |
Open_webmail | Open_webmail | 1.90 (including) | 1.90 (including) |
Open_webmail | Open_webmail | 2.20 (including) | 2.20 (including) |
Open_webmail | Open_webmail | 2.21 (including) | 2.21 (including) |
Open_webmail | Open_webmail | 2.30 (including) | 2.30 (including) |
Open_webmail | Open_webmail | 2.31 (including) | 2.31 (including) |
Open_webmail | Open_webmail | 2.32 (including) | 2.32 (including) |