CVE-2006-5875 | Vulnerability Database | Aqua Security

eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an SMTP level e-mail address.

Affected Software

Name	Vendor	Start Version	End Version
Enemies_of_carlotta	Enemies_of_carlotta	1.0.3 (including)	1.0.3 (including)
Enemies_of_carlotta	Enemies_of_carlotta	1.2.3 (including)	1.2.3 (including)
Enemies-of-carlotta	Ubuntu	dapper	*
Enemies-of-carlotta	Ubuntu	devel	*
Enemies-of-carlotta	Ubuntu	edgy	*
Enemies-of-carlotta	Ubuntu	feisty	*
Enemies-of-carlotta	Ubuntu	gutsy	*
Enemies-of-carlotta	Ubuntu	upstream	*

References

http://liw.iki.fi/lists/eoc%40liw.iki.fi/msg00366.html
http://secunia.com/advisories/23377
http://secunia.com/advisories/23382
http://www.debian.org/security/2006/dsa-1236
http://www.osvdb.org/30849
http://www.securityfocus.com/bid/21572
http://www.vupen.com/english/advisories/2006/5000
https://exchange.xforce.ibmcloud.com/vulnerabilities/30923

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5875
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html