CVE-2006-5313 - Perverted Orders
Description
Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262.
Reference
http://hastymail.sourceforge.net/security.php http://www.securityfocus.com/bid/20424 http://secunia.com/advisories/22308 http://www.vupen.com/english/advisories/2006/3956 https://exchange.xforce.ibmcloud.com/vulnerabilities/29407 http://www.securityfocus.com/archive/1/453417/100/0/threaded