Dawid_Golunski

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions prior to 20170427 0200-SVN **Description** The issue allows post-authentication remote code execution via a mishandled sendmail.cf file in a popen call. This can be exploited to execute arbitrary shell commands on the remote server. The problem lies in the Deliver SendMail.class.php file, specifically in the initStream function, which incorrectly uses escapeshellcmd() to sanitize the sendmail command. The `sendmail` command line, particularly the `-f$envelopefrom` part, is vulnerable to injection of arbitrary command parameters due to the lack of whitespace escaping. If the target server uses sendmail and SquirrelMail is configured to use it, an attacker can trick sendmail into using a malicious sendmail.cf file, leading to arbitrary command execution. This can be achieved by uploading a sendmail.cf file as an email attachment and then injecting the filename with the `-C` option in the "Options > Personal Informations > Email Address" setting. **Recommendations** For SquirrelMail versions prior to 20170427 0200-SVN, as a temporary workaround, consider disabling the use of sendmail as a command-line program in SquirrelMail configuration until a patch is available. Restrict access to the Deliver SendMail.class.php file to minimize the risk of exploitation. Avoid using the `envelopefrom` variable in the sendmail command line until the issue is resolved. Update to a version newer than 20170427 0200-SVN to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** The issue allows remote attackers to overwrite arbitrary CSS files. This is related to vectors involving "style import." **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** The issue might allow remote attackers to obtain sensitive information from ACP backups via certain vectors involving a short name. **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.8 MyBB Merge System versions prior to 1.8.8 **Description** The issue allows remote attackers to have an unspecified impact. It is related to "loose comparison false positives." **Recommendations** For MyBB versions prior to 1.8.8, update to version 1.8.8 or later. For MyBB Merge System versions prior to 1.8.8, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** zend-mail component versions prior to 2.4.11 zend-mail component versions 2.5.x zend-mail component versions 2.6.x zend-mail component versions 2.7.x prior to 2.7.2 Zend Framework versions prior to 2.4.11 **Description** The issue allows remote attackers to potentially execute arbitrary code by passing extra parameters to the mail command. This is achieved through a crafted e-mail address containing a backslash double quote (") in the `setFrom` function of the Sendmail adapter in the zend-mail component. **Recommendations** For versions prior to 2.4.11, update to version 2.4.11 or later. For versions 2.5.x, update to version 2.7.2 or later. For versions 2.6.x, update to version 2.7.2 or later. For versions 2.7.x prior to 2.7.2, update to version 2.7.2. As a temporary workaround, consider restricting the use of the `setFrom` function in the Sendmail adapter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Swift Mailer versions prior to 5.4.5 **Description** The issue allows remote attackers to potentially execute arbitrary code by passing extra parameters to the mail command. This can be achieved by including a (backslash double quote) in a crafted e-mail address within the From, ReturnPath, or Sender header. **Recommendations** For versions prior to 5.4.5, update to version 5.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of special characters in e-mail addresses within the From, ReturnPath, or Sender headers until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PHPMailer versions prior to 5.2.18 Wordpress version 4.6 **Description** The issue allows remote attackers to execute arbitrary code. This can be achieved by passing extra parameters to the mail command via a crafted Sender property in PHPMailer. There is a potential for remote code execution in Wordpress 4.6. **Recommendations** For PHPMailer versions prior to 5.2.18, update to version 5.2.18 or later to resolve the issue. For Wordpress version 4.6, update to a newer version to mitigate the risk of remote code execution.

**Name of the Vulnerable Software and Affected Versions** PHPMailer versions prior to 5.2.20 **Description** The issue is related to the isMail transport in PHPMailer, where improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code. **Recommendations** For versions prior to 5.2.20, update to version 5.2.20 or later to resolve the issue. As a temporary workaround, consider restricting the use of the isMail transport until a patch is available.