Search
Find a vulnerability
Search criteria
2 vulnerabilities found for mail by zetacomponents
CVE-2017-15806 (GCVE-0-2017-15806)
Vulnerability from nvd – Published: 2017-11-15 16:00 – Updated: 2024-08-05 20:04
VLAI
Summary
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43155/ | exploitx_refsource_EXPLOIT-DB |
| https://kay-malwarebenchmark.github.io/blog/cve-2… | x_refsource_MISC |
| https://kay-malwarebenchmark.github.io/blog/cve-2… | x_refsource_MISC |
| https://github.com/zetacomponents/Mail/issues/58 | x_refsource_CONFIRM |
| https://github.com/zetacomponents/Mail/releases/t… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101866 | vdb-entryx_refsource_BID |
Date Public
2017-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"name": "https://github.com/zetacomponents/Mail/issues/58",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"name": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15806",
"datePublished": "2017-11-15T16:00:00.000Z",
"dateReserved": "2017-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:04:50.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15806 (GCVE-0-2017-15806)
Vulnerability from cvelistv5 – Published: 2017-11-15 16:00 – Updated: 2024-08-05 20:04
VLAI
Summary
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43155/ | exploitx_refsource_EXPLOIT-DB |
| https://kay-malwarebenchmark.github.io/blog/cve-2… | x_refsource_MISC |
| https://kay-malwarebenchmark.github.io/blog/cve-2… | x_refsource_MISC |
| https://github.com/zetacomponents/Mail/issues/58 | x_refsource_CONFIRM |
| https://github.com/zetacomponents/Mail/releases/t… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101866 | vdb-entryx_refsource_BID |
Date Public
2017-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43155",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"name": "https://github.com/zetacomponents/Mail/issues/58",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"name": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15806",
"datePublished": "2017-11-15T16:00:00.000Z",
"dateReserved": "2017-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:04:50.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}