PHPMailer susceptible to arbitrary code execution

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)

A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused due to incorrect choosing of delimiters to prevent use of the pregreplace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...

CMSimple CMS: source code security analysis report

Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Global Variables Using Insufficiently Random Generators in Cryptography HttpOnly...

Code injection

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted 1 description field or 2 issuelink attribute in an XML file, which is not properly handled when executing the pregreplace function with the e modifier...

Sharetronix <= 3.1.1 Two PHP Code Injection Vulnerabilities

Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the 1 activitiestext parameter to services/activities/set or 2 commentstext parameter to services/comments/set, which is not properly handled when executing the pregreplace function with the e...

CVE-2013-1412

DataLife Engine DLE 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a pregreplace function call with an e modifier...

Code injection

DataLife Engine DLE 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a pregreplace function call with an e modifier...

PHP-Fusion: source code security analysis report

Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Insufficiently...

CVE-2012-6554

functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the pregreplace function with the eval switch...

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

Code injection

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

php execution vulnerability parsing-vulnerability warning-the black bar safety net

A code to perform the function In PHP you can execute the Code of the function. Such as eval , assert , the“and system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: ? php echo dir; ?& gt; The second file contains the code injection The file containing...

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

A code execution function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: The second file contains the code injection The file containing the function in the specific...

PHP code execution vulnerability summary-vulnerability warning-the black bar safety net

PHP security lovers of the feastthe Month of PHP Security it. Read php-security on many of the cattle below, to issue to the shared under a., are idols wow. A code to perform the function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec...

Code injection

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the pregreplace function with the eval switch, ...

FreeBSD : roundcube -- remote execution of arbitrary code (8f483746-d45d-11dd-84ec-001fc66e7203)

Entry for CVE-2008-5619 says : html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with the eval switch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...