21 matches found
EUVD-2009-3994
Malware in sbrugna...
GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
The remote host is affected by the vulnerability described in GLSA-201412-09 Multiple packages, Multiple vulnerabilities fixed in 2011 Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail...
Multiple packages, Multiple vulnerabilities fixed in 2011
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM...
openSUSE Security Update : php5-pear-mail (openSUSE-SU-2010:0909-1)
Passing specially crafted $from and $recepient arguments to php5-pear-mail's sendmail.php allowed attackers to inject shell code (CVE-2009-4023, CVE-2009-4111). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
Mandriva Update for php-pear-Mail MDVSA-2010:025 (php-pear-Mail)
Check for the Version of php-pear-Mail OpenVAS Vulnerability Test Mandriva Update for php-pear-Mail MDVSA-2010:025 php-pear-Mail Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Update for php-pear-Mail MDVSA-2010:025 (php-pear-Mail)
Check for the Version of php-pear-Mail OpenVAS Vulnerability Test Mandriva Update for php-pear-Mail MDVSA-2010:025 php-pear-Mail Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
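PEAR Mail package Recipient parameter injection vulnerability
BUGTRAQ ID: 37395 CVE ID: CVE-2009-4111 PEAR is short for "PHP Extension and Application Repository" and provides PHP users with a structured library of open-source code. Mail/sendmail.php in PEAR's Mail package does not properly filter the $recipients parameter; a remote attacker can read and write arbitrary files by submitting a malicious request. PEAR Mail 1.1.4 Vendor patch: Debian ------ Debian has released a security advisory (DSA-1938-1) and corresponding patches for this issue: DSA-1938-1:New php-mail packages fix insufficient input sanitising...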
Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12439. OpenVAS Vulnerability Test $Id: fcore200912439.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12439 php-pear-Mail Authors: Thomas Reinke Copyright:...
Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12348. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12348. OpenVAS Vulnerability Test $Id: fcore200912348.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12348 php-pear-Mail Authors: Thomas Reinke Copyright:...
Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. OpenVAS Vulnerability Test $Id: fcore200912395.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12395 php-pear-Mail Authors: Thomas Reinke Copyright:...
Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12439. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
[SECURITY] Fedora 12 Update: php-pear-Mail-1.1.14-5.fc12
PEAR's Mail package defines an interface for implementing mailers under the PEAR hierarchy. It also provides supporting functions useful to multiple mailer backends. Currently supported backends include: PHP's native mail function, sendmail, and SMTP. This package also provides a RFC822 email...
[SECURITY] Fedora 11 Update: php-pear-Mail-1.1.14-5.fc11
PEAR's Mail package defines an interface for implementing mailers under the PEAR hierarchy. It also provides supporting functions useful to multiple mailer backends. Currently supported backends include: PHP's native mail function, sendmail, and SMTP. This package also provides a RFC822 email...
Fedora 10 : php-pear-Mail-1.1.14-5.fc10 (2009-12439)
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...
Fedora 12 : php-pear-Mail-1.1.14-5.fc12 (2009-12395)
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...
DEBIAN-CVE-2009-4111
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...
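PEAR Mail package Sendmail Mail::Send() method argument injection vulnerability
BUGTRAQ ID: 37081 PEAR is short for "PHP Extension and Application Repository" and provides PHP users with a structured library of open-source code. The sendmail implementation in PEAR's Mail package does not properly filter the from parameter submitted to the Mail::Send method; a remote attacker can pass arbitrary arguments to the sendmail command, bypassing security restrictions to obtain the contents of arbitrary files. PEAR Mail 1.1.4 Vendor patch: PEAR ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...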
All PEAR Mail functions contain an arbitrary file write vulnerability-vulnerability warning-the black bar safety net
The problem is located in Sendmail.php ...... if ! isset$from return PEAR::raiseError'No from address given.'; elseif strpos$from, ' ' !== false || strpos$from, ';' !== false || strpos$from, '&' !== false || strpos$from, "' !== false return PEAR::raiseError'From address specified with dangerous characters.';...