Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2010/10/28 12:0 a.m.27 views

openSUSE Security Update : php5-pear-mail (openSUSE-SU-2010:0909-1)

Passing specially crafted $from and $recepient arguments to php5-pear-mail's sendmail.php allowed attackers to inject shell code CVE-2009-4023, CVE-2009-4111. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

7.5CVSS5.3AI score0.02402EPSS
Exploits3References5
OpenVAS
OpenVAS
added 2010/01/29 12:0 a.m.19 views

Mandriva Update for php-pear-Mail MDVSA-2010:025 (php-pear-Mail)

Check for the Version of php-pear-Mail OpenVAS Vulnerability Test Mandriva Update for php-pear-Mail MDVSA-2010:025 php-pear-Mail Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

7.5CVSS9.2AI score0.02402EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2010/01/29 12:0 a.m.28 views

Mandriva Update for php-pear-Mail MDVSA-2010:025 (php-pear-Mail)

Check for the Version of php-pear-Mail OpenVAS Vulnerability Test Mandriva Update for php-pear-Mail MDVSA-2010:025 php-pear-Mail Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

7.5CVSS0.02402EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2010/01/26 12:0 a.m.35 views

Mandriva Linux Security Advisory : php-pear-Mail (MDVSA-2010:025)

Multiple vulnerabilities were discovered and corrected in php-pear Mail : Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted paramete...

7.5CVSS5.8AI score0.02402EPSS
Exploits3References2
seebug.org
seebug.org
added 2009/12/23 12:0 a.m.37 views

PEAR Mail软件包Recipient参数注入漏洞

BUGTRAQ ID: 37395 CVE ID: CVE-2009-4111 PEAR是“PHP扩展和应用库”的缩写,用于为PHP用户提供结构化的开源代码库。 PEAR的Mail软件包中Mail/sendmail.php没有正确地过滤$recipients参数,远程攻击者可以通过提交恶意请求读写任意文件。 PEAR Mail 1.1.4 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1938-1)以及相应补丁: DSA-1938-1:New php-mail packages fix insufficient input sanitising...

6.8CVSS1.1AI score0.01637EPSS
Exploits2
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.33 views

Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)

The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12439. OpenVAS Vulnerability Test $Id: fcore200912439.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12439 php-pear-Mail Authors: Thomas Reinke Copyright:...

7.5CVSS0.2AI score0.02402EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.29 views

Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)

The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. OpenVAS Vulnerability Test $Id: fcore200912395.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12395 php-pear-Mail Authors: Thomas Reinke Copyright:...

7.5CVSS0.02402EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.30 views

Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)

The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12348. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

7.5CVSS9.4AI score0.02402EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.26 views

Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)

The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12439. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

7.5CVSS9.4AI score0.02402EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.23 views

Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)

The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

7.5CVSS9.4AI score0.02402EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.19 views

Fedora 10 : php-pear-Mail-1.1.14-5.fc10 (2009-12439)

Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...

7.5CVSS5.7AI score0.02402EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.31 views

Fedora 12 : php-pear-Mail-1.1.14-5.fc12 (2009-12395)

Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...

7.5CVSS5.7AI score0.02402EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.36 views

Fedora 11 : php-pear-Mail-1.1.14-5.fc11 (2009-12348)

Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...

7.5CVSS5.7AI score0.02402EPSS
Exploits3References3
OSV
OSV
added 2009/11/29 1:7 p.m.6 views

CVE-2009-4111

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...

6.7AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2009/11/29 1:7 p.m.24 views

CVE-2009-4111

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...

6.8CVSS6AI score0.01637EPSS
Exploits2References1
CVE
CVE
added 2009/11/28 6:0 p.m.70 views

CVE-2009-4111

CVE-2009-4111 affects PEAR Mail’s Mail::Send implementation (Mail/sendmail.php) in the Mail package (v1.1.14, v1.2.0b2, and possibly other versions). The vulnerability allows remote attackers to read/write arbitrary files via a crafted $recipients parameter, a vector/impact separate from CVE-2009...

6.8CVSS9.3AI score0.01637EPSS
Exploits2References8Affected Software1
Rows per page
Query Builder