CVE

Id
87572  
CVE No.
CVE-2016-10074  
Status
Candidate  
Description
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.  
Phase
Assigned (20161227)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
764189 87572 CVE-2016-10074 EXPLOIT-DB:40972  View
764190 87572 CVE-2016-10074 URL:https://www.exploit-db.com/exploits/40972/  View
764191 87572 CVE-2016-10074 FULLDISC:20161229 SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)  View
764192 87572 CVE-2016-10074 URL:http://seclists.org/fulldisclosure/2016/Dec/86  View
764193 87572 CVE-2016-10074 MISC:http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html  View
764194 87572 CVE-2016-10074 MISC:https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html  View
764195 87572 CVE-2016-10074 CONFIRM:https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES  View
764196 87572 CVE-2016-10074 BID:95140  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
1857 JVNDB-2016-002630 Windows および Mac OS X 上で稼動する Adobe Reader および Acrobat における任意のコードを実行される脆弱性 Windows および Mac OS X 上で稼動する Adobe Reader および Acrobat には、解放済みメモリの使用 (Use-after-free) により、任意のコードを実行される脆弱性が存在します。 CVE-2016-1066 87572 10 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002630.html  View