Exim SMTP email server (versions before 4.90) are vulnerable to remote code execution via a vulnerability in Base64 decoding.
Recent assessments:
asoto-r7 at June 25, 2019 6:25pm UTC reported:
There are a few PoCs for this one. Exim is a bear to setup and I wouldn’t be shocked to find unpatched servers because sysadmins don’t want to touch them. Since they’d be Internet-accessible, there’s a lot of attacker utility here for the small population that uses Exim.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 0