46 matches found
TYPO3 Remote Code Execution in third party library swiftmailer
TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution...
GHSA-G4PF-3JVQ-2GCW TYPO3 Remote Code Execution in third party library swiftmailer
TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution...
Command Injection
swiftmailer/swiftmailer is vulnerable to Command Injection. The vulnerability is due to improper handling of the "From" header when it comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands...
GHSA-45XG-4W5X-J429 TYPO3 Arbitrary Shell Execution in Swiftmailer library
The swiftmailer library in use allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. Affected are only TYPO3 installations where the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to "sendmail"...
TYPO3 Arbitrary Shell Execution in Swiftmailer library
The swiftmailer library in use allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. Affected are only TYPO3 installations where the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to "sendmail"...
PT-2024-40065 · Typo3 +1 · Typo3 +1
Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified). Description: The issue allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. This is specifically related to the swiftmailer...
GHSA-4QPJ-GXXG-JQG4 Swiftmailer Sendmail transport arbitrary shell execution
Prior to 5.2.1, the sendmail transport Swift_Transport_SendmailTransport was vulnerable to an arbitrary shell execution if the "From" header came from a non-trusted source and no "Return-Path" is configured. This has been fixed in 5.2.1. If you are using sendmail as a transport, you are encouraged ...
Swiftmailer Sendmail transport arbitrary shell execution
Prior to 5.2.1, the sendmail transport Swift_Transport_SendmailTransport was vulnerable to an arbitrary shell execution if the "From" header came from a non-trusted source and no "Return-Path" is configured. This has been fixed in 5.2.1. If you are using sendmail as a transport, you are encouraged ...
PT-2024-40077 · Unknown · Swiftmailer
Name of the Vulnerable Software and Affected Versions: SwiftMailer versions prior to 5.2.1. Description: The issue allows for arbitrary shell execution if the From header comes from a non-trusted source and no Return-Path is configured. This can be exploited when using the sendmail transport,...
Debian: Security Advisory (DLA-792-1)
The remote host is missing an update for the Debian...
Arbitrary Code Execution
swiftmailer/swiftmailer is vulnerable to arbitrary code execution. The malicious code can be passed through the extraParams variable used to send extra parameters if the From, ReturnPath or Sender header came from a non-trusted source...
Cross-Site Scripting (XSS)
swiftmailer/swiftmailer is vulnerable to cross-site scripting (XSS). The vulnerability exists because \lib\classes\Swift\Mime\Headers\MailboxHeader.php prints an unfiltered email address in the error message...
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA; Date: 16/06/2017; Exploit Author: @phacktul; Software Link: https://github.com/PHPMailer/PHPMailer; Version: 5.2.20; Tested on: Debian x86/x64; CVE :...
Detailed analysis of PHP mail() function exploit techniques - vulnerability warning - the black bar safety net
This white paper aims to clear up some misunderstandings about the limitations of exploiting the PHP mail() function and to demonstrate further developments in its use. It presents several new exploitation vectors and bypass techniques for the PHP mail() function, in major PHP e-mail...
Debian DSA-3769-1 : libphp-swiftmailer - security update
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers...
Debian Security Advisory DSA 3769-1 (libphp-swiftmailer - security update)
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers...
DSA-3769-1 libphp-swiftmailer - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3769-1)
The remote host is missing an update for the Debian...
Debian DLA-792-1 : libphp-swiftmailer security update
Dawid Golunski from legalhackers.com [1] discovered that the mail transport in Swift Mailer allowed remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the From, ReturnPath, or Sender...
[SECURITY] [DLA 792-1] libphp-swiftmailer security update
Package: libphp-swiftmailer; Version: 4.1.5-1+deb7u1; CVE ID: CVE-2016-10074; Debian Bug: 849626. Dawid Golunski from legalhackers.com [1] discovered that the mail transport in Swift Mailer allowed remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code...