CVE-2016-10045 – PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando de correo y consecuentemente ejecutar código arbitrario aprovechando una interacción inapropiada entre la función escapeshellarg y un escape interno realizado en la función mail en PHP. NOTA: esta vulnerabilidad existe debido a una incorrecta reparación de CVE-2016-10033. • https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 http://openwall.com/lists/oss-security/2016/12/28/1 http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html http://seclists.org/fulldisclosure/2016/Dec/81 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection http://www.securityfocus& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-10033 – WordPress Core 4.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobles) en una propiedad Sender manipulada. PHPMailer version 5.2.17 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/41962 https://www.exploit-db.com/exploits/42024 https://www.exploit-db.com/exploits/41996 https://www.exploit-db.com/exploits/40974 https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40970 https://www.exploit-db.com/exploits/40968 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 https://github.com/opsxcq/exploit-CVE-2016-10033 https://github.com/GeneralTesler/CVE- • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2015-8769
https://notcve.org/view.php?id=CVE-2015-8769
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! 3.x en versiones anteriores a 3.4.7 permite a atacantes ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/79679 http://www.securitytracker.com/id/1034658 https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-8563
https://notcve.org/view.php?id=CVE-2015-8563
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en el componente com_templates en Joomla! 3.2.0 hasta la versión 3.3.x y 3.4.x en versiones anteriores a 3.4.6 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://www.securityfocus.com/bid/79199 https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-8565
https://notcve.org/view.php?id=CVE-2015-8565
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. Vulnerabilidad de salto de directorio en Joomla! 3.2.0 hasta la versión 3.3.x y 3.4.x en versiones anteriores a 3.4.6 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos • https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •