Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmailer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-3747
Joomla! 1.6.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
Joomla Joomla\\! 1.6.0
NA
CVE-2012-0796
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1)...
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.15
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.0.6
Moodle Moodle 2.0.5
Moodle Moodle 2.0.0
NA
CVE-2007-2021
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_...
Pineapple Technologies Lore 1.0
NA
CVE-2006-5734
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in ...
Adaptive Technology Resource Centre Atutor 1.5.3.2
NA
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer prior to 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote malicious users to execute arbitrary code via crafted input that is processed by the ...
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2.3
2 EDB exploits
NA
CVE-2008-4810
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote malicious users to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a doub...
Smarty Smarty 2.6.0
Smarty Smarty 2.4.0
Smarty Smarty 2.3.1
Smarty Smarty 1.5.1
Smarty Smarty 1.5.0
Smarty Smarty 1.4.0
Smarty Smarty 1.2.0
Smarty Smarty 1.1.0
Smarty Smarty 1.0b
Smarty Smarty 2.6.7
Smarty Smarty 2.6.9
Smarty Smarty 2.6.11
Smarty Smarty 2.6.12
Smarty Smarty 2.5.0
Smarty Smarty 2.3.0
Smarty Smarty 2.2.0
Smarty Smarty 2.1.1
Smarty Smarty 1.4.6
Smarty Smarty 1.4.5
Smarty Smarty 1.3.2
Smarty Smarty 1.0a
Smarty Smarty 1.0
NA
CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...
Snoopy Project Snoopy
Debian Debian Linux 4.0
Debian Debian Linux 5.0
Nagios Nagios
Wordpress Wordpress
NA
CVE-2008-4811
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and previous versions allows remote malicious users to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
Smarty Smarty 2.6.14
Smarty Smarty 2.6.15
Smarty Smarty 2.6.16
Smarty Smarty 2.4.2
Smarty Smarty 2.4.1
Smarty Smarty 2.0.1
Smarty Smarty 2.0.0
Smarty Smarty 1.4.3
Smarty Smarty 1.4.2
Smarty Smarty 1.4.1
Smarty Smarty 1.2.2
Smarty Smarty 1.2.1
Smarty Smarty 2.6.10
Smarty Smarty 2.6.17
Smarty Smarty 2.6.6
Smarty Smarty 2.6.0
Smarty Smarty 2.4.0
Smarty Smarty 2.3.1
Smarty Smarty 1.5.2
Smarty Smarty 1.5.1
Smarty Smarty 1.4.0
Smarty Smarty 1.2.0
NA
CVE-2008-5432
Cross-site scripting (XSS) vulnerability in Moodle prior to 1.6.8, 1.7 prior to 1.7.6, 1.8 prior to 1.8.7, and 1.9 prior to 1.9.3 allows remote malicious users to inject arbitrary web script or HTML via a Wiki page name (aka page title).
Moodle Moodle 1.6.6
Moodle Moodle 1.6.5
Moodle Moodle 1.5
Moodle Moodle 1.4.5
Moodle Moodle 1.3.2
Moodle Moodle 1.3.1
Moodle Moodle 1.7.4
Moodle Moodle 1.7.3
Moodle Moodle 1.8.4
Moodle Moodle 1.8.5
Moodle Moodle 1.6.4
Moodle Moodle 1.6.3
Moodle Moodle 1.4.4
Moodle Moodle 1.4.3
Moodle Moodle 1.3.0
Moodle Moodle 1.2.1
Moodle Moodle 1.7.2
Moodle Moodle 1.7.1
Moodle Moodle 1.8.6
Moodle Moodle 1.9.0
Moodle Moodle 1.6.1
Moodle Moodle 1.6.0
NA
CVE-2009-0499
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 prior to 1.7.7, 1.8 prior to 1.8.8, and 1.9 prior to 1.9.4 allows remote malicious users to delete unauthorized forum posts via a link or IMG tag to post.php.
Moodle Moodle 1.7.5
Moodle Moodle 1.7.6
Moodle Moodle 1.8.5
Moodle Moodle 1.9.2
Moodle Moodle 1.9.1
Moodle Moodle 1.7.3
Moodle Moodle 1.7.4
Moodle Moodle 1.8.4
Moodle Moodle 1.8.6
Moodle Moodle 1.7.1
Moodle Moodle 1.7.2
Moodle Moodle 1.8.2
Moodle Moodle 1.8.3
Moodle Moodle 1.9.3
Moodle Moodle 1.8.1
Moodle Moodle 1.8.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »