8 matches found
GHSA-738M-F33V-QC2R SMTP Injection in PHPMailer
Impact Attackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts. Patches Fixed in 5.2.14 in this commit. Workarounds Manually strip line breaks from email addresses before passing...
Security fix for the ALT Linux 9 package phpipam version 1.26.050-alt1
Dec. 26, 2016 Alexey Shabalin 1.26.050-alt1 - git snapshot of master branch b99412648829471f3a336036f5cd138b8f131721 - install PHPMailer from upstream fixed CVE-2015-8476,CVE-2016-10033,CVE-2016-10045...
Fedora 23 : php-PHPMailer-5.2.14-1.fc23 (2015-abf9659276)
New upstream release: fixes CVE-2015-8476. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...
Mageia: Security Advisory (MGASA-2015-0484)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated php-phpmailer packages fix CVE-2015-8476
Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...
MGASA-2015-0484 Updated php-phpmailer packages fix CVE-2015-8476
Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...
CVE-2015-8476
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an 1 email address to the validateAddress function in class.phpmailer.php or 2 SMTP command to the sendCommand function in class.smtp.php, a different...
CVE-2015-8476
PHPMailer CVE-2015-8476 describes CRLF injection vulnerabilities allowing arbitrary SMTP commands via CRLF in (1) an email address used in validateAddress() or (2) an SMTP command routed through sendCommand(). Affected versions are before 5.2.14. Public sources (Debian, Fedora advisories, GHSA) c...