Lucene search
K

8 matches found

OSV
OSV
added 2020/03/05 10:9 p.m.17 views

GHSA-738M-F33V-QC2R SMTP Injection in PHPMailer

Impact Attackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts. Patches Fixed in 5.2.14 in this commit. Workarounds Manually strip line breaks from email addresses before passing...

5CVSS9.3AI score0.01988EPSS
Exploits0References11
ALT Linux
ALT Linux
added 2016/12/26 12:0 a.m.46 views

Security fix for the ALT Linux 9 package phpipam version 1.26.050-alt1

Dec. 26, 2016 Alexey Shabalin 1.26.050-alt1 - git snapshot of master branch b99412648829471f3a336036f5cd138b8f131721 - install PHPMailer from upstream fixed CVE-2015-8476,CVE-2016-10033,CVE-2016-10045...

7.5CVSS9.4AI score0.99714EPSS
Exploits59
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.28 views

Fedora 23 : php-PHPMailer-5.2.14-1.fc23 (2015-abf9659276)

New upstream release: fixes CVE-2015-8476. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

5CVSS7.4AI score0.01988EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/12/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2015-0484)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS9.5AI score0.01988EPSS
Exploits0References5
Mageia
Mageia
added 2015/12/24 11:8 a.m.38 views

Updated php-phpmailer packages fix CVE-2015-8476

Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

5CVSS9.4AI score0.01988EPSS
Exploits0References3
OSV
OSV
added 2015/12/24 11:8 a.m.9 views

MGASA-2015-0484 Updated php-phpmailer packages fix CVE-2015-8476

Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

5CVSS6.6AI score0.01988EPSS
Exploits0References4
OSV
OSV
added 2015/12/16 9:59 p.m.7 views

CVE-2015-8476

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an 1 email address to the validateAddress function in class.phpmailer.php or 2 SMTP command to the sendCommand function in class.smtp.php, a different...

7.1AI score
Exploits0References8
CVE
CVE
added 2015/12/16 9:0 p.m.103 views

CVE-2015-8476

PHPMailer CVE-2015-8476 describes CRLF injection vulnerabilities allowing arbitrary SMTP commands via CRLF in (1) an email address used in validateAddress() or (2) an SMTP command routed through sendCommand(). Affected versions are before 5.2.14. Public sources (Debian, Fedora advisories, GHSA) c...

5CVSS9.6AI score0.01988EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder