21 matches found
EUVD-2005-3878
Malware in sbrugna...
SUSE CVE-2006-1014
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X...
Cross site scripting
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors...
UBUNTU-CVE-2016-6870
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors...
CVE-2006-1014
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X...
PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation
No description provided by source. source: http://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail' function, the 'mail' function, a...
PHP mb_send_mail() Function Parameter Security Bypass
According to its banner, the version of PHP installed on the remote host is affected by a flaw that allows an attacker to gain unauthorized privileges. When used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, it is possible for...
SUSE-SA:2006:024: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:024 (php4, php5). This update fixes the following security issues in the scripting languages PHP4 and PHP5: - copy and tempnam functions could bypass open_basedir restrictions (CVE-2006-1494) - Cross-Site-Scripting (XSS) bug in phpinfo...
security flaw
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument...
(PHP) mb_send_mail security bypass
Vulnerable: PHP4, PHP5 with use of sendmail 8.13.4 When safe_mode disabled and open_basedir restriction in effect, we can pass extra parameters to sendmail command in mail function, especially the -C and -X arguments. -C for alternate configuration file -X to log all in a file Can be used to view...
mb_send_mail() PHP safe mode protection bypass
mb_send_mail and imap functions allow access to system files...
PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_param Arbitrary File Creation
PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_param Arbitrary File Creation source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in...
PHP 4.x/5.0/5.1 - mb_send_mail() Restriction Bypass
PHP 4.x/5.0/5.1 - mb_send_mail Restriction Bypass source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail' function, the 'mail'...
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass
source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail' function, the 'mail' function, and various PHP IMAP functions...
USN-232-1: PHP vulnerabilities
Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. (CVE-2005-3319) A Denial of Service flaw was...
Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, mb_send_mail message headers modification, etc...
Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, mb_send_mail message headers modification, etc...
CVE-2005-3883
PHP before 5.1.0 contains a CRLF header-injection flaw in mb_send_mail that can be exploited remotely via the To address to inject arbitrary email headers. Multiple OpenVAS/Nessus results corroborate CVE-2005-3883 as part of broader PHP
CVE-2005-3883
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument...
Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, mb_send_mail message headers modification, etc...