Vulnerabilities > CVE-2006-5262 - Unspecified vulnerability in Hastymail

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

hastymail

exploit available

NVD

Published: 2006-10-12

Updated: 2018-10-17

Summary

CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.

Vulnerable Configurations

Part	Description	Count
Application	Hastymail Hastymail Hastymail 1.1 Hastymail Hastymail 1.0.1 Hastymail Hastymail 1.0.2 Hastymail Hastymail * Hastymail Hastymail 1.2	5

Exploit-Db

description	Hastymail 1.x IMAP SMTP Command Injection Vulnerability. CVE-2006-5262. Webapps exploit for php platform
id	EDB-ID:28777
last seen	2016-02-03
modified	2006-10-10
published	2006-10-10
reporter	Vicente Aguilera Diaz
source	https://www.exploit-db.com/download/28777/
title	Hastymail 1.x IMAP SMTP Command Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References