20 matches found
K46057232: Swift Mailer vulnerability CVE-2016-10074
Security Advisory Description: The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From,...
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit
Exploit for php platform in category web applications. #!/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution #!/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
#!/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE : CVE-2016-10033,CVE-2016-10074,CVE-2016-10034,CVE-2016-10045 @phacktul -...
Debian DSA-3769-1 : libphp-swiftmailer - security update
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.
[SECURITY] [DSA 3769-1] libphp-swiftmailer security update
Debian Security Advisory DSA-3769-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 22, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 792-1] libphp-swiftmailer security update
Package : libphp-swiftmailer Version : 4.1.5-1+deb7u1 CVE ID : CVE-2016-10074 Debian Bug : 849626 Dawid Golunski from legalhackers-com 1 discovered that the mail transport in Swift Mailer allowed remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code...
Fedora 25 : php-swiftmailer (2016-f7ef82c1b4)
Version 5.4.5 (2016-12-29) - SECURITY FIX: fixed CVE-2016-10074 by disallowing potentially unsafe shell characters. Prior to 5.4.5, the mail transport (Swift_Transport_MailTransport) was vulnerable to passing arbitrary shell arguments if the 'From', 'ReturnPath' or 'Sender' header came from a non-truste...
Fedora 24 : php-swiftmailer (2016-b65e546846)
Version 5.4.5 (2016-12-29) - SECURITY FIX: fixed CVE-2016-10074 by disallowing potentially unsafe shell characters. Prior to 5.4.5, the mail transport (Swift_Transport_MailTransport) was vulnerable to passing arbitrary shell arguments if the 'From', 'ReturnPath' or 'Sender' header came from a non-truste...
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
#!/usr/bin/python intro = """ PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit a.k.a "PwnScriptum" CVE-2016-10033 + CVE-2016-10045 +...
Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail
A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security...
UBUNTU-CVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender...
CVE-2016-10074
Swift Mailer (library: swiftmailer/swiftmailer) is affected by CVE-2016-10074. The mail transport (Swift_Transport_MailTransport) before version 5.4.5 allows remote attackers to pass extra parameters to the mail command, enabling arbitrary code execution via a backslash-double-quote in a crafted ...
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
DESCRIPTION ------------------------- SwiftMailer class uses PHP mail function as its default transport. SwiftMailer suffers from the same vulnerability as the one disclosed in PHPMailer in the advisory at:...
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
Critical remote code execution vulnerabilities in two different libraries used to send emails via PHP were patched this week. An issue in PHPMailer, thought fixed, was resolved with an update, version 5.2.21, pushed late Wednesday. Developers with another mailing library for PHP, SwiftMailer,...
Remote Code Execution when using the mail transport
More info at https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html...
SwiftMailer 5.4.5-DEV - Remote Code Execution Exploit
Exploit for php platform in category web applications. See the full advisory URL for the exploit details. // Attacker's input coming from untrusted source such as $_GET, $_POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/...
SwiftMailer Remote Code Execution
See the full advisory URL for the exploit details. // Attacker's input coming from untrusted source such as $_GET, $_POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // ------------------...
SwiftMailer RCE Vulnerability
SwiftMailer is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
SwiftMailer < 5.4.5-DEV - Remote Code Execution
See the full advisory URL for the exploit details. // Attacker's input coming from untrusted source such as $_GET, $_POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // ------------------...