20 matches found
Debian: Security Advisory (DLA-770)
The remote host is missing an update for the Debian...
Metasploit Weekly Wrap-Up
SAMR Auxiliary Module: A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement...
[SECURITY] Fedora 32 Update: php-phpmailer6-6.1.6-2.fc32
PHPMailer - A full-featured email creation and transfer class for PHP. Class Features: Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more. Integrated SMTP support - send without a local...
GHSA-7W4P-72J7-V7C2 Phar object injection in PHPMailer
PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting; Google Dork: inurl:/wp-content/plugins/postie/readme.txt; Date: 2020-01-15; Exploit Author: V1n1v131r4; Vendor Homepage: https://postieplugin.com/; Software...
WordPress Postie 1.9.40 Cross Site Scripting
Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting; Google Dork: inurl:/wp-content/plugins/postie/readme.txt; Date: 2020-01-15; Exploit Author: V1n1v131r4; Vendor Homepage: https://postieplugin.com/; Software Link: https://wordpress.org/plugins/postie/developers; Version:...
Path traversal
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
MGASA-2017-0438 Updated php-phpmailer packages fix security vulnerability
Debugoutput wasn't set in constructor according to SAPI in use, resulting in potential XSS in default debug output...
Jomres 9.8.22 and previous PHPMailer vulnerability
Jomres versions 9.8.20 and previous contain PHP Mailer library vulnerable to CVE-2016-10033. Jomres versions 9.8.22 and previous contain PHP Mailer library vulnerable to CVE-2016-10045. Resolution: update to version 9.8.24. Update notice: http://updates.jomres4.net/CHANGELOGJOMRES...
Chronoforms 5.0.13 PHP mailer vulnerability
Chronoforms 5.0.13 and previous versions include PHP Mailer library vulnerable to CVE-2016-10045. Resolution: update to 5.0.14. Update notice: https://www.chronoengine.com/forums/posts/t102804/p363944/phpmailer-library.html...
AcyMailing 5.6.0 PHP Mailer vulnerability
AcyMailing 5.6.0 and previous versions include PHP Mailer library vulnerable to CVE-2016-10033 and CVE-2016-10045. Resolution: update to 5.6.1. Update notice: https://www.acyba.com/68-acymailing-changelog.html...
Chronoforms 5.0.12 PHP mailer vulnerability
Chronoforms 5.0.12 and previous versions include PHP Mailer library vulnerable to CVE-2016-10033. Resolution: update to 5.0.13. Update notice: https://www.chronoengine.com/forums/posts/t102804/p363944/phpmailer-library.html...
MGASA-2015-0484 Updated php-phpmailer packages fix CVE-2015-8476
Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...
PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
No description provided by source...
CS-Cart <= 1.3.3 - (classes_dir) Remote File Include Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. CS-Cart 1.3.3 classes_dir = Remote File Include Vulnerability. Script site: http://www.cs-cart.com Dork: Powered by CS-Cart - Shopping Cart Software...
AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting
Click Me, Please...\r\n NOTE: javascript html char encode = javaScRipt then you will be able to get into the victim's mailbox via the url: http://WebSite/AfterLogic/Default.aspx Phpmailer class is included in the exploit so you need to download it here and run the exploit in the phpmailer...
SmarterMail 11.x Cross Site Scripting
Click Me, Please...\r\n NOTE: javascript html char encode = javaScRipt then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the exploit so you need to download it here and run the exploit in the phpmailer...
MGASA-2013-0285 Updated wordpress and php-phpmailer packages fix security vulnerabilities
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations (CVE-2013-4338). WordPress before 3.6.1 does not properly validate URLs before...
PHP Classifieds 7.3 Remote File Inclusion
PHP Classifieds v7.3 RFI Vulnerability. ExpL0it TitLe: PHP Classifieds v7.3 RFI Vulnerability; DatE: 09 September 2010; AutH0r: alsa7r; Contact: [email protected]...
PHP Classifieds 7.3 Remote File Inclusion Vulnerability
Exploit for php platform in category web applications. PHP Classifieds 7.3 Remote File Inclusion Vulnerability. ExpL0it TitLe: PHP...