Download
| Alert*
|
oval:org.secpod.oval:def:602301
Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for email transfer, used by many CMSs. The library accepted email addresses and SMTP commands containing line breaks, which can be abused by an attacker to inject messages. oval:org.secpod.oval:def:602302 libphp-phpmailer is installed oval:org.secpod.oval:def:705628 libphp-phpmailer: full featured email transfer class for PHP Attachments with specially crafted filenames could bypass filename-based mail attachment filters. oval:org.secpod.oval:def:1901471 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. oval:org.secpod.oval:def:603585 It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. oval:org.secpod.oval:def:53474 It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. oval:org.secpod.oval:def:2000512 PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. oval:org.secpod.oval:def:1900892 An issue was discovered in PHPMailer before 5.2.22. PHPMailer"s msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base dire ... oval:org.secpod.oval:def:602723 A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem. The original advisory text follows for referecen. Dawid Golunski discovered that PHPMailer, a popular library t ... oval:org.secpod.oval:def:1900493 The mailSend function in the is Mail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted Sender property. oval:org.secpod.oval:def:602721 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch pro ... oval:org.secpod.oval:def:1901127 The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: ... |
