Full title: Exim and Dovecot Insecure Configuration Command Injection 
Category: remote exploits
Platform: windows
This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands since this is one of the user-controlled variables, which has been successfully tested on Debian Squeeze using the default Exim4 with dovecot-common packages.

# 0day.today @ http://0day.today/