Download
| Alert*
|
oval:org.secpod.oval:def:602723
A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem. The original advisory text follows for referecen. Dawid Golunski discovered that PHPMailer, a popular library t ... oval:org.secpod.oval:def:1900493 The mailSend function in the is Mail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted Sender property. oval:org.secpod.oval:def:111901 Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails ... oval:org.secpod.oval:def:602721 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch pro ... oval:org.secpod.oval:def:111866 Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails ... oval:org.secpod.oval:def:1800831 CVE-2016-10033 The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted From address. Fixed In Version phpmai ... oval:org.secpod.oval:def:1800847 CVE-2016-10033: The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted From address. Fixed In Version: phpm ... |
