153 matches found
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
security flaw
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail, altering MTA behavior and possibly executing commands...
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail, altering MTA behavior and possibly executing commands...
PT-2002-1991 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.2.2 Description: The issue allows attackers to bypass safe mode restrictions and modify command line arguments to the MTA, such as sendmail, in the 5th argument to the mail function, potentially altering MTA behavio...
[SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
Debian Security Advisory DSA 168-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18th, 2002 http://www.debian.org/security/faq ...
DSA-168 php - bypassing safe_mode, CRLF injection
Bulletin has no description...
PHP fails to filter ASCII control characters from string arguments of mail() function
Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...
PHP: Bypass safe_mode and inject ASCII control chars with mail()
Product: PHP Version: 4.x up to 4.2.2 Vendor: http://www.php.net/ Author: Wojciech Purczynski [email protected] Date: June 13, 2002 Updated: August 23, 2002 Released: August 21, 2002 Issue: Two vulnerabilities exist in mail PHP function. The first...
CVE-2001-1246
CVE-2001-1246 affects PHP versions 4.0.5–4.1.0 running in safe mode. The fifth parameter to mail() is not properly sanitized, enabling local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. Multiple connected documents (NVD/Nessus advisories) describe th...
CVE-2001-1246
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters...
PT-2001-2378 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 4.0.5 through 4.1.0 Description: The issue is related to the mail function in PHP, where the 5th parameter is not properly cleansed in safe mode, allowing local users and possibly remote attackers to execute arbitrary commands vi...