11 matches found
PHPMailer Local file inclusion
Impact Arbitrary local file inclusion via the $lang property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem. Patches It's not known exactly when this was fixed in...
GHSA-6H78-85V2-MMCH PHPMailer Shell command injection
PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...
PHPMailer Shell command injection
PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...
PHPMailer < 2.0.0 rc1 'SendmailSend' RCE Vulnerability
PHPMailer is prone to a remote code execution RCE vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Ubuntu USN-791-1 (moodle)
The remote host is missing an update to moodle announced via advisory USN-791-1. For details, please visit the referenced security advisories. OpenVAS Vulnerability Test $Id: ubuntu7911.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7911.nasl 7969 2017-12-01 09:23:16Z santu $ Description:...
Debian DSA-1315-1 : libphp-phpmailer - missing input validation
Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validition if configured to use Sendmail. This allows the execution of arbitrary shell commands. The oldstable distribution sarge doesn't include libphp-phpmailer. %NASLMINLEVEL 70300 C...
[SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1315-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 19th, 2007 http://www.debian.org/security/faq -...
CVE-2007-3215
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php...
CVE-2007-3215
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php...
CVE-2007-3215
PHPMailer CVE-2007-3215 describes a remote code execution in PHPMailer 1.7 when configured to use Sendmail, allowing shell metacharacters in SendmailSend to execute commands. The issue is noted in multiple advisories (e.g., OSV/GHSA entries) and was fixed in PHPMailer 1.7.4. Public disclosures in...
CVE-2007-3215
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php...