CVE-2016-10034

creationtimestamp| type| source ---|---|--- 2024-04-24 22:29:01+00:00| seen| https://t.me/arpsyndicate/4833...

K79502122: Zend Framework vulnerability CVE-2016-10034

Security Advisory Description The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary...

Mageia: Security Advisory (MGASA-2017-0016)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...

PHPMailer &lt; 5.2.20 with Exim MTA - Remote Code Execution

!/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE : CVE-2016-10033,CVE-2016-10074,CVE-2016-10034,CVE-2016-10045 @phacktul -...

PHPMailer 5.2.20 with Exim MTA - Remote Code Execution

PHPMailer 5.2.20 with Exim MTA - Remote Code Execution !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...

Paragon Initiative Enterprises: Directory Disclose,Email Disclose Zendmail vulnerability

i found three vulnerability Directory information disclose,Email address disclose, and possible Remote code execution in Zendmail during signup your code accept username with ',",/,@ while all of the special character must be forbidden or encoded in username Directory Disclose: 1. goto sign-up pa...

Updated php-ZendFramework2 packages fix security vulnerability

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...

PHPMailer / Zend-mail / SwiftMailer Remote Code Execution

!/usr/bin/python intro = """\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit a.k.a "PwnScriptum" CVE-2016-10033 + CVE-2016-10045 +...

Zend Framework / zend-mail 2.4.11 - Remote Code Execution Exploit

Exploit for php platform in category web applications 09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attac...

CVE-2016-10034

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...

CVE-2016-10034

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...

CVE-2016-10034

CVE-2016-10034 affects Zend Framework’s zend-mail Sendmail adapter: the setFrom function can be abused by inserting additional quote characters in the recipient address to cause remote code execution. Affected: zend-mail component before 2.4.11, 2.5.x, 2.6.x, and Zend Framework before 2.4.11; and...

Zend Framework / zend-mail &lt; 2.4.11 - Remote Code Execution

09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // encoded phpinfo...

Zend Framework zend-mail 2.4.11 - Remote Code Execution

Zend Framework zend-mail 2.4.11 - Remote Code Execution 09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/...