CVE-2007-3215
https://notcve.org/view.php?id=CVE-2007-3215
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. PHPMailer 1.7, cuando está configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del intérprete de comandos (shell) a través de los metacaracterés del intérprete de comandos en la función SendmailSend en class.phpmailer.php. • http://larholm.com/2007/06/11/phpmailer-0day-remote-execution http://osvdb.org/37206 http://osvdb.org/76139 http://seclists.org/fulldisclosure/2011/Oct/223 http://secunia.com/advisories/25626 http://secunia.com/advisories/25755 http://secunia.com/advisories/25758 http://securityreason.com/securityalert/2802 http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374 http://www.debian.org/security/2007/dsa-1315 http://www.securityfocus.com/archive/1/471065 •
CVE-2005-1807 – PHPMailer 1.7 - 'Data()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-1807
The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. • https://www.exploit-db.com/exploits/25752 http://seclists.org/lists/bugtraq/2005/May/0337.html http://secunia.com/advisories/15543 http://secunia.com/advisories/18732 http://secunia.com/advisories/25726 http://securitytracker.com/id?1014069 http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031 http://www.cybsec.com/vuln/PHPMailer-DOS.pdf http://www.securityfocus.com/bid/13805 http://www.vupen.com/english/advisories/2006/0448 http://www.vupen.com& •