Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 12:18 a.m.19 views

Zeta Components Mail Arbitrary code execution via a crafted email address

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS7.7AI score0.10652EPSS
Exploits3References9Affected Software1
OSV
OSV
added 2022/05/17 12:18 a.m.13 views

GHSA-HGR8-G756-VMG9 Zeta Components Mail Arbitrary code execution via a crafted email address

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS8.1AI score0.10652EPSS
Exploits3References9
Prion
Prion
added 2017/11/15 4:29 p.m.13 views

Code injection

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

6.8CVSS8.2AI score0.10652EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2017/11/15 4:29 p.m.30 views

CVE-2017-15806

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS8.2AI score0.10652EPSS
Exploits3References6
OSV
OSV
added 2017/11/15 4:29 p.m.19 views

CVE-2017-15806

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.1CVSS7.7AI score0.10652EPSS
Exploits3References6
Cvelist
Cvelist
added 2017/11/15 4:0 p.m.32 views

CVE-2017-15806

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

8.2AI score0.10652EPSS
Exploits3References6
CVE
CVE
added 2017/11/15 4:0 p.m.71 views

CVE-2017-15806

The CVE-2017-15806 issue affects Zeta Components Mail (ezcMailMtaTransport) prior to 1.8.2. The send() method uses PHP mail() and constructs the 5th parameter with -f{returnPath}, and improper restriction of characters in ezcMail returnPath permits a crafted address to trigger arbitrary code exec...

8.1CVSS8.1AI score0.10652EPSS
Exploits3References6Affected Software1
CNVD
CNVD
added 2017/11/14 12:0 a.m.8 views

Zeta Components Mail Remote Code Execution Vulnerability

Zeta Components is a high-quality , general-purpose application development library based on PHP 5 implementation . A remote code execution vulnerability exists in the Zeta Components Mail library version 1.8.1 and earlier, which can be exploited by an attacker to execute arbitrary code on a serv...

8.1CVSS8.7AI score0.10652EPSS
Exploits3References1
Rows per page
Query Builder