CVE-2006-5875 - Unspecified vulnerability in Enemies of Carlotta 1.0.3/1.2.3
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

enemies-of-carlotta
nessus
Summary
eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1236.NASL |
description | Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23849 |
published | 2006-12-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23849 |
title | Debian DSA-1236-1 : enemies-of-carlotta - missing sanity checks |
References
- http://www.debian.org/security/2006/dsa-1236
- http://www.securityfocus.com/bid/21572
- http://secunia.com/advisories/23377
- http://secunia.com/advisories/23382
- http://www.osvdb.org/30849
- http://www.vupen.com/english/advisories/2006/5000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30923
- http://liw.iki.fi/lists/eoc%40liw.iki.fi/msg00366.html