CVE-2019-10149CISA KEV: Actively Exploited

Exim Mail Transfer Agent (MTA) Improper Input Validation

Published Jan 10, 2022·Updated Jan 10, 2022

Description

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Public Exploits & PoCs18 found

PoC: exim-rce-quickfix

quick fix for CVE-2019-10149, works on Debian\Ubuntu\Centos

23

PoC: PoC--CVE-2019-10149_Exim

PoC for CVE-2019-10149, this vulnerability could be xploited betwen 4-87 to 4.91 version of Exim server.

16

PoC: CVE-2019-10149

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

15

PoC: eximrce-CVE-2019-10149

simple python socket connection to test if exim is vulnerable to CVE-2019-10149. The payload simply touch a file in /tmp/eximrce.

15

PoC: CVE-2019-10149-privilege-escalation

CVE-2019-10149 privilege escalation

10

PoC: exim.exp

CVE-2019-10149

5

PoC: CVE-2019-10149

Instructions for installing a vulnerable version of Exim and its expluatation

4

PoC: StickyExim

Exim Honey Pot for CVE-2019-10149 exploit attempts.

4

PoC: CVE-2019-10149-quick

Simple Bash shell quick fix CVE-2019-10149

2

PoC: CVE-2019-10149

Vulnerability Research and Exploit for CVE-2019-10149

PoC: CVE-2019-10149---Exim4---RCE

Cr. Exim 4.87 - 4.91 - Local Privilege Escalation

PoC: Exim-CVE-2019-10149

PoC for exploitation of vulnerability CVE-2019-10149

PoC: PoC_CVE-2019-10149--rce

Remote Command Execution into shell from a vulnerable exim service.

PoC: CVE-2019-10149

test POC for CVE-2019-10149

PoC: CVE-2019-10149

CVE-2019-10149

PoC: CVE-2019-10149-Exploit

Exploit for CVE-2019-10149

PoC: exim-cve-2019-10149-data

Data Collection Related to Exim CVE-2019-10149

PoC: CVE-2019-10149

SNP Assignment on a Linux vulnerability

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free