Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for mail by zetacomponents
CVE-2017-15806 (GCVE-0-2017-15806)
Vulnerability from nvd – Published: 2017-11-15 16:00 – Updated: 2024-08-05 20:04
VLAI?
Summary
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2017-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"name": "https://github.com/zetacomponents/Mail/issues/58",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"name": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15806",
"datePublished": "2017-11-15T16:00:00.000Z",
"dateReserved": "2017-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:04:50.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15806 (GCVE-0-2017-15806)
Vulnerability from cvelistv5 – Published: 2017-11-15 16:00 – Updated: 2024-08-05 20:04
VLAI?
Summary
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2017-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"name": "https://github.com/zetacomponents/Mail/issues/58",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"name": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15806",
"datePublished": "2017-11-15T16:00:00.000Z",
"dateReserved": "2017-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:04:50.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}