Lucene search
K

8 matches found

OSV
OSV
added 2022/05/17 12:18 a.m.13 views

GHSA-HGR8-G756-VMG9 Zeta Components Mail Arbitrary code execution via a crafted email address

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS8.1AI score0.10652EPSS
Exploits3References9
Github Security Blog
Github Security Blog
added 2022/05/17 12:18 a.m.19 views

Zeta Components Mail Arbitrary code execution via a crafted email address

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS7.7AI score0.10652EPSS
Exploits3References9Affected Software1
0day.today
0day.today
added 2017/11/16 12:0 a.m.62 views

Zeta Components Mail 1.8.1 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: 'email protected -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

6.8CVSS8AI score0.10652EPSS
Exploits3
exploitpack
exploitpack
added 2017/11/16 12:0 a.m.116 views

Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

6.8CVSS0.4AI score0.10652EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/11/16 12:0 a.m.65 views

Zeta Components Mail 1.8.1 - Remote Code Execution

Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into /var/www/html/cache/exploit.php. The resulting file will contain t...

8.1CVSS7AI score0.10652EPSS
Exploits3
Prion
Prion
added 2017/11/15 4:29 p.m.14 views

Code injection

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

6.8CVSS8.2AI score0.10652EPSS
Exploits3References6Affected Software1
OSV
OSV
added 2017/11/15 4:29 p.m.21 views

CVE-2017-15806

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS7.7AI score0.10652EPSS
Exploits3References6
CVE
CVE
added 2017/11/15 4:0 p.m.71 views

CVE-2017-15806

The CVE-2017-15806 issue affects Zeta Components Mail (ezcMailMtaTransport) prior to 1.8.2. The send() method uses PHP mail() and constructs the 5th parameter with -f{returnPath}, and improper restriction of characters in ezcMail returnPath permits a crafted address to trigger arbitrary code exec...

8.1CVSS8.1AI score0.10652EPSS
Exploits3References6Affected Software1
Rows per page
Query Builder