Gaute Hope

2 exploits Active since Dec 2013
CVE-2013-4478 WRITEUP WRITEUP
sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Filename
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
CVE-2013-4479 WRITEUP WRITEUP
Sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Content-Type
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.