44 matches found

0day.today
added 2016/12/10 12:0 a.m., 71 views

Roundcube 1.2.2 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications. Roundcube 1.2.2: Command Execution via Email. You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with...

7.1 AI score
Exploits: 0
Exploit DB
added 2016/12/09 12:0 a.m., 80 views

Roundcube 1.2.2 - Remote Code Execution

Roundcube 1.2.2: Command Execution via Email. You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with RIPS. Introduction: Roundcube is a widely...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2016/12/09 12:0 a.m., 28 views

Debian DLA-737-1 : roundcube security update

It was discovered that there was a vulnerability where a remote user could execute arbitrary commands in Roundcube, a webmail solution for IMAP servers, by sending a specially crafted email. This was due to lack of sanitisation of the arguments to PHP's 'mail' function. For Debian 7 'Wheezy', thi...

5.9 AI score
Exploits: 0, References: 2
OpenVAS
added 2016/12/07 12:0 a.m., 1354 views

Roundcube Webmail < 1.1.7, 1.2.x < 1.2.3 RCE Vulnerability

Roundcube Webmail is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

7.5 CVSS, 7.8 AI score, 0.38304 EPSS
Exploits: 2, References: 2
RedhatCVE
added 2015/10/30 9:26 a.m., 27 views

CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

5 CVSS, 7 AI score, 0.19454 EPSS
Exploits: 2, References: 2
seebug.org
added 2014/07/01 12:0 a.m., 86 views

LetterIt 2.0 - (inc/session.php) Remote File Include Vulnerability

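Vulnerable software: LetterIt 2.0. Software download: http://sourceforge.net/projects/letterit.berlios/ Vulnerability type: RFI (remote file inclusion). Software description: LetterIt 2.0 is a web-based mailing list manager that is easy to install and supports multiple languages. It can send HTML or plain-text messages and attachments to a given mailing list via PHP Mail, sendmail, qmail, SMTP or pickup mode (on Windows). Vulnerability analysis: this remote file inclusion vulnerability is in the "inc/session.php" file of LetterIt 2.0. Vulnerable code:...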

7.1 AI score
Exploits: 0
Tenable Nessus
added 2010/02/24 12:0 a.m., 10 views

Debian DSA-1938-1 : php-mail - programming error

It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...

5.5 AI score
Exploits: 0, References: 1
securityvulns
added 2009/11/25 12:0 a.m., 65 views

[SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1938-1 [email protected] http://www.debian.org/security/ Steffen Joeris November 23, 2009 http://www.debian.org/security/faq -...

0.6 AI score
Exploits: 0
OpenVAS
added 2009/11/23 12:0 a.m., 17 views

Debian: Security Advisory (DSA-1938-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 9.5 AI score, 0.03135 EPSS
Exploits: 3, References: 3
OpenVAS
added 2009/11/23 12:0 a.m., 20 views

Debian Security Advisory DSA 1938-1 (php-mail)

The remote host is missing an update to php-mail announced via advisory DSA 1938-1. OpenVAS Vulnerability Test $Id: deb19381.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1938-1 php-mail Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...

7.5 CVSS, 0.3 AI score, 0.03135 EPSS
Exploits: 3
OSV
added 2009/11/23 12:0 a.m., 16 views

DSA-1938-1 php-mail - insufficient input sanitising

Bulletin has no description...

7.5 CVSS, 6.2 AI score, 0.03135 EPSS
Exploits: 3
RedHat Linux
added 2007/04/16 3:27 p.m., 1 views

security flaw

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrat...

7.8 CVSS, 6 AI score, 0.21722 EPSS
Exploits: 1, References: 4
securityvulns
added 2007/03/29 12:0 a.m., 52 views

PHP mail() function invalid characters processing

Unfiltered \r\n and \0 characters allows strings injection and header truncation...

7.8 CVSS, 3.9 AI score, 0.21722 EPSS
Exploits: 3, References: 2, Affected Software: 1
UbuntuCve
added 2007/03/28 12:19 a.m., 43 views

CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

5 CVSS, 5.9 AI score, 0.19454 EPSS
Exploits: 2, References: 1
NVD
added 2007/03/28 12:19 a.m., 20 views

CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

5 CVSS, 6.2 AI score, 0.19454 EPSS
Exploits: 2, References: 14
UbuntuCve
added 2007/03/28 12:19 a.m., 25 views

CVE-2007-1718

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrat...

7.8 CVSS, 6 AI score, 0.21722 EPSS
Exploits: 1, References: 2
Prion
added 2007/03/28 12:19 a.m., 19 views

Code injection

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

5 CVSS, 6.3 AI score, 0.19454 EPSS
Exploits: 2, References: 14, Affected Software: 1
Cvelist
added 2007/03/28 12:0 a.m., 22 views

CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

7.3 AI score, 0.19454 EPSS
Exploits: 2, References: 14
Cvelist
added 2006/08/17 9:0 p.m., 17 views

CVE-2006-4210

numail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mailtext2, userrow5, numail1, and shopmail parameters. NOTE: some of these details are obtained from third party information...

6.7 AI score, 0.0716 EPSS
Exploits: 0, References: 4
Cvelist
added 2004/09/01 4:0 a.m., 28 views

CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

6.4 AI score, 0.20413 EPSS
Exploits: 0, References: 17