12 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3603
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by oth...
Ubuntu: Security Advisory (USN-5956-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5956-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0345)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : mantis -- multiple vulnerabilities (9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3)
Mantis 2.25.1 and 2.25.2 releases report : Security and maintenance release, PHPMailer update to 6.5.0 - 0028552: XSS in managecustomfieldeditpage.php CVE-2021-33557 - 0028821: Update PHPMailer to 6.5.0 CVE-2021-3603, CVE-2020-36326 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Fedora: Security Advisory for php-phpmailer6 (FEDORA-2021-bfc34b3d5c)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PHPMailer untrusted code may be run from an overridden address validator
If a function is defined that has the same name as the default built-in email address validation scheme php, it will be called in default configuration as when no validation scheme is provided, the default scheme's callable php was being called. If an attacker is able to inject such a function in...
CVE-2021-3603
PHPMailer CVE-2021-3603 affects PHPMailer 6.4.1 and earlier, where validateAddress() could call an untrusted function named php if patternselect is 'php' and a global function php exists. This occurs when user-provided input injects such a function into the host project scope. The issue is mitiga...
PHPMailer < 6.5.0 RCE Vulnerability
PHPMailer is prone to a remote code execution RCE vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
RCE affecting Windows hosts via UNC paths to translation files
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
Untrusted code may be run from an overridden address validator
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
mantis -- multiple vulnerabilities
Mantis 2.25.1 and 2.25.2 releases report: Security and maintenance release, PHPMailer update to 6.5.0 0028552: XSS in managecustomfieldeditpage.php CVE-2021-33557 0028821: Update PHPMailer to 6.5.0 CVE-2021-3603, CVE-2020-36326...