18 matches found
Ubuntu: Security Advisory (USN-5956-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5956-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5956-2 libphp-phpmailer vulnerability
USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by...
Mageia: Security Advisory (MGASA-2017-0022)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1591-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u4 CVE IDs : CVE-2017-5223 CVE-2018-19296 It was discovered that there were two vulnerabilities libphp-phpmailer, an email library for the PHP programming language: CVE-2017-5223: Local file disclosure vulnerability via relative path HTML...
Debian: Security Advisory (DLA-1591-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHPMailer Local Information Disclosure (CVE-2017-5223) - Ver2
An information disclosure vulnerability exists in PHPMailer. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
PHPMailer 5.2.21 Local File Disclosure
Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...
PHPMailer 5.2.21 Local File Disclosure Exploit
Exploit for php platform in category local exploits Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "email protected"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer...
PHPMailer < 5.2.21 - Local File Disclosure
Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...
PHPMailer 5.2.21 - Local File Disclosure
PHPMailer 5.2.21 - Local File Disclosure Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message";...
[SECURITY] [DLA 817-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.1-1.3+deb7u1 CVE ID : CVE-2017-5223 Debian Bug : 853232 It was discovered that there was a local file disclosure vulnerability in libphp-phpmailer, a email transfer class for PHP, where insufficient parsing of HTML messages could potentially be used by...
Updated php-phpmailer packages fix security vulnerabilities
It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address CVE-2016-10033. It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability...
Fedora 24 : php-PHPMailer (2017-c3dc97e1e1)
Version 5.2.22 January 5th 2017 - SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images wi...
CVE-2017-5223
CVE-2017-5223 affects PHPMailer before 5.2.22. The vulnerability arises in msgHTML, which transforms HTML and may convert relative image URLs to attachments using a base directory. If no base directory is provided, relative URLs become absolute local file paths, enabling local file disclosure whe...
CVE-2017-5223
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...
FreeBSD : phpmailer -- Remote Code Execution (7ae0be99-d8bb-11e6-9b7f-d43d7e971a1b)
SecurityFocus reports : PHPMailer is prone to an local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Local File Disclosure
SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...