The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_webmail | Open_webmail | 1.7 | 1.7 |
Open_webmail | Open_webmail | 1.81 | 1.81 |
Open_webmail | Open_webmail | 2.30 | 2.30 |
Open_webmail | Open_webmail | 2.21 | 2.21 |
Open_webmail | Open_webmail | 1.71 | 1.71 |
Open_webmail | Open_webmail | 2.31 | 2.31 |
Open_webmail | Open_webmail | 2.20 | 2.20 |
Open_webmail | Open_webmail | 1.8 | 1.8 |
Open_webmail | Open_webmail | 1.90 | 1.90 |
Open_webmail | Open_webmail | 2.32 | 2.32 |