Ubuntu: Security Advisory (USN-5956-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5956-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K73926196: PHPMailer vulnerability CVE-2016-10045

Security Advisory Description The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in...

Metasploit Weekly Wrap-Up

SAMR Auxiliary Module A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement...

GHSA-5F37-GXVH-23V6 Remote code execution in PHPMailer

Impact The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property. Patches Fixed in 5.2.18 Workaround...

GHSA-4PC3-96MX-WWC8 Remote code execution in PHPMailer

Impact The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in...

Remote code execution in PHPMailer

Impact The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in...

CVE-2016-10045

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmailerarginjection.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:44+00:00| seen|...

PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...

PHPMailer &lt; 5.2.20 with Exim MTA - Remote Code Execution

!/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE : CVE-2016-10033,CVE-2016-10074,CVE-2016-10034,CVE-2016-10045 @phacktul -...

PHPMailer 5.2.20 with Exim MTA - Remote Code Execution

PHPMailer 5.2.20 with Exim MTA - Remote Code Execution !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...

F5 Networks BIG-IP : PHPMailer vulnerability (K73926196)

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure

https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html Date: 04-Apr-2017 Product: SmartJobBoard Versions affected: v5.0.9 and below. Vulnerability: 1 Cross-site scripting vulnerabilities in the following locations and...

[ASA-201701-22] wordpress: multiple issues

Arch Linux Security Advisory ASA-201701-22 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 Package : wordpress Type : multiple issue...

Fedora Update for php-PHPMailer FEDORA-2016-6941d25875

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-3750-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHPMailer / Zend-mail / SwiftMailer Remote Code Execution

!/usr/bin/python intro = """\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit a.k.a "PwnScriptum" CVE-2016-10033 + CVE-2016-10045 +...

Debian DSA-3750-1 : libphp-phpmailer - security update

Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch...

Debian DLA-770-2 : libphp-phpmailer regression update

Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch...

Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail

A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security...