34 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-1129

Malware in sbrugna...

9.8 CVSS, 7.7 AI score, 0.03095 EPSS
Exploits 0, References 12

OSV
added 2024/03/06 11:11 a.m., 29 views

BIT-WORDPRESS-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

9.8 CVSS, 8.8 AI score, 0.03095 EPSS
Exploits 0, References 4

OSV
added 2024/03/06 11:1 a.m., 24 views

BIT-PHPMAILER-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

9.8 CVSS, 8.8 AI score, 0.03095 EPSS
Exploits 0, References 4

OpenVAS
added 2023/03/16 12:0 a.m., 32 views

Ubuntu: Security Advisory (USN-5956-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.9 AI score, 0.99714 EPSS
Exploits 67, References 2

OpenVAS
added 2023/03/16 12:0 a.m., 36 views

Ubuntu: Security Advisory (USN-5956-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.2 AI score, 0.99714 EPSS
Exploits 67, References 4

OSV
added 2023/03/15 7:58 p.m., 4 views

USN-5956-2 libphp-phpmailer vulnerability

USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by...

6.1 CVSS, 7 AI score, 0.024 EPSS
Exploits 1, References 2

OpenVAS
added 2022/01/28 12:0 a.m., 21 views

Mageia: Security Advisory (MGASA-2019-0010)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.8 AI score, 0.02211 EPSS
Exploits 0, References 4

OpenVAS
added 2021/08/05 12:0 a.m., 33 views

Debian: Security Advisory (DLA-2731-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.8 AI score, 0.03095 EPSS
Exploits 0, References 4

Tenable Nessus
added 2021/08/04 12:0 a.m., 39 views

Debian DLA-2731-1 : wordpress - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2731 advisory. One security issue affects WordPress, a weblog manager, versions between 3.7 and 5.7. This update fixes the following security issues: Object injection in PHPMaile...

9.8 CVSS, 6.5 AI score, 0.03095 EPSS
Exploits 0, References 7

OSV
added 2021/05/04 5:42 p.m., 31 views

GHSA-M298-FH5C-JC66 Object injection in PHPMailer/PHPMailer

Impact This is a reintroduction of an earlier issue CVE-2018-19296 by an unrelated bug fix in PHPMailer 6.1.8. An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP's support for .phar files. Exploitation requires that an attacker is able to provide...

9.8 CVSS, 8.7 AI score, 0.03095 EPSS
Exploits 0, References 7

Friends Of PHP
added 2021/04/29 12:16 p.m., 34 views

Object injection via local phar file

This is a security release. SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as ssh2 Ensure method signature consisten...

9.8 CVSS, 8.8 AI score, 0.03095 EPSS
Exploits 0, Affected Software 1

OSV
added 2020/03/05 10:8 p.m., 35 views

GHSA-7W4P-72J7-V7C2 Phar object injection in PHPMailer

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...

8.8 CVSS, 9 AI score, 0.02211 EPSS
Exploits 0, References 11

GitHub Security Blog
added 2020/03/05 10:8 p.m., 184 views

Phar object injection in PHPMailer

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...

8.8 CVSS, 0.3 AI score, 0.02211 EPSS
Exploits 0, References 12, Affected Software 1

Mageia
added 2019/01/05 6:30 p.m., 38 views

Updated php-phpmailer package fixes security vulnerability

Potential object injection vulnerability CVE-2018-19296...

8.8 CVSS, 3.2 AI score, 0.02211 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/01/03 12:0 a.m., 40 views

Fedora 28 : php-PHPMailer (2018-f73869d61e)

Version 5.2.27 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. Note that Tenable Network Security has extracted the preceding...

8.8 CVSS, 6.5 AI score, 0.02211 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/01/03 12:0 a.m., 39 views

Fedora 29 : php-PHPMailer (2018-a2e9bd6eae)

Version 5.2.27 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. Note that Tenable Network Security has extracted the preceding...

8.8 CVSS, 6.5 AI score, 0.02211 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/01/03 12:0 a.m., 39 views

Fedora 28 : php-phpmailer6 (2018-0f5e6e9957)

Version 6.0.6 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to...

8.8 CVSS, 6.5 AI score, 0.02211 EPSS
Exploits 0, References 2

Tenable Nessus
added 2019/01/03 12:0 a.m., 44 views

Fedora 29 : php-phpmailer6 (2018-18f3eff32b)

Version 6.0.6 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to...

8.8 CVSS, 6.5 AI score, 0.02211 EPSS
Exploits 0, References 2

Debian
added 2018/12/28 4:46 a.m., 53 views

[SECURITY] [DLA 1591-2] libphp-phpmailer regression update

Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u5 CVE ID : CVE-2018-19296 A possible regression was found in the recent security update for libphp-phpmailer, announced as DLA 1591-1. During backporting a new variable was accidentally introduced to a conditional statement from a much later...

8.8 CVSS, 8.7 AI score, 0.02211 EPSS
Exploits 0

Debian
added 2018/12/07 2:51 p.m., 44 views

[SECURITY] [DSA 4351-1] libphp-phpmailer security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4351-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq -...

6.8 CVSS, 2.8 AI score, 0.02211 EPSS
Exploits 0