41 matches found
EUVD-2002-2193
Malware in sbrugna...
EUVD-2023-1681
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2010-4150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in the imapdoopen function in the IMAP extension ext/imap/phpimap.c in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to...
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
Remote code execution
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
CVE-2023-35169
The CVE-2023-35169 issue affects PHP-IMAP (Webklex/php-imap) up to version 5.2.x when attachments are saved via Attachment::save(path, filename) without a sanitized or provided filename. This enables a directory traversal in unsanitized attachment filenames, allowing unauthenticated attackers to ...
CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
Directory Traversal
webklex/laravel-imap and webklex/php-imap are vulnerable to Directory Traversal. The vulnerability exists due to a lack of filename attachment sanitization which allows an attacker to save a file to an arbitrary location...
php-imap vulnerable to RCE through a directory traversal vulnerability
Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...
GHSA-47P7-XFCC-4PV9 php-imap vulnerable to RCE through a directory traversal vulnerability
Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...
CVE-2023-35169
creationtimestamp| type| source ---|---|--- 2023-06-21 18:58:05+00:00| published-proof-of-concept| https://github.com/Webklex/php-imap/security/advisories/GHSA-47p7-xfcc-4pv9...
PT-2023-25180 · Webklex +1 · Webklex/Laravel-Imap +2
Name of the Vulnerable Software and Affected Versions: PHP-IMAP versions prior to 5.3.0 Description: An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that...
SUSE CVE-2003-1303
Buffer overflow in the imapfetchoverview function in the IMAP functionality phpimap.c in PHP before 4.3.3 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long e-mail address in a 1 To or 2 From header...
SUSE CVE-2010-4150
Double free vulnerability in the imapdoopen function in the IMAP extension ext/imap/phpimap.c in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code via unspecified vectors...
SUSE CVE-2018-19935
ext/imap/phpimap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty string in the message argument to the imapmail function...
UBUNTU-CVE-2018-19935
ext/imap/phpimap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty string in the message argument to the imapmail function...
CVE-2018-1000859
creationtimestamp| type| source ---|---|--- 2018-11-27 22:53:35+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/phpimapopenrce.rb...