16 matches found
openSUSE Security Update : php5-pear-mail (openSUSE-SU-2010:0909-1)
Passing specially crafted $from and $recepient arguments to php5-pear-mail's sendmail.php allowed attackers to inject shell code CVE-2009-4023, CVE-2009-4111. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
Mandriva Update for php-pear-Mail MDVSA-2010:025 (php-pear-Mail)
Check for the Version of php-pear-Mail OpenVAS Vulnerability Test Mandriva Update for php-pear-Mail MDVSA-2010:025 php-pear-Mail Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Update for php-pear-Mail MDVSA-2010:025 (php-pear-Mail)
Check for the Version of php-pear-Mail OpenVAS Vulnerability Test Mandriva Update for php-pear-Mail MDVSA-2010:025 php-pear-Mail Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Linux Security Advisory : php-pear-Mail (MDVSA-2010:025)
Multiple vulnerabilities were discovered and corrected in php-pear Mail : Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted paramete...
PEAR Mail软件包Recipient参数注入漏洞
BUGTRAQ ID: 37395 CVE ID: CVE-2009-4111 PEAR是“PHP扩展和应用库”的缩写,用于为PHP用户提供结构化的开源代码库。 PEAR的Mail软件包中Mail/sendmail.php没有正确地过滤$recipients参数,远程攻击者可以通过提交恶意请求读写任意文件。 PEAR Mail 1.1.4 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1938-1)以及相应补丁: DSA-1938-1:New php-mail packages fix insufficient input sanitising...
Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12439. OpenVAS Vulnerability Test $Id: fcore200912439.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12439 php-pear-Mail Authors: Thomas Reinke Copyright:...
Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. OpenVAS Vulnerability Test $Id: fcore200912395.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12395 php-pear-Mail Authors: Thomas Reinke Copyright:...
Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12348. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12439. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora 10 : php-pear-Mail-1.1.14-5.fc10 (2009-12439)
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...
Fedora 12 : php-pear-Mail-1.1.14-5.fc12 (2009-12395)
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...
Fedora 11 : php-pear-Mail-1.1.14-5.fc11 (2009-12348)
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...
CVE-2009-4111
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...
CVE-2009-4111
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...
CVE-2009-4111
CVE-2009-4111 affects PEAR Mail’s Mail::Send implementation (Mail/sendmail.php) in the Mail package (v1.1.14, v1.2.0b2, and possibly other versions). The vulnerability allows remote attackers to read/write arbitrary files via a crafted $recipients parameter, a vector/impact separate from CVE-2009...