Skip to main content
CVE-2016-10033 CRITICAL POC KEV PATCH THREAT Act Now

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.5%
Threat
7.8
CVE-2016-10045 CRITICAL POC PATCH THREAT Act Now

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.4%.

Command Injection RCE Phpmailer WordPress Joomla
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
93.4%
Threat
6.3
CVE-2016-10034 CRITICAL POC PATCH THREAT Act Now

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Command Injection RCE Zend Framework Zend Mail
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
82.3%
Threat
5.9
CVE-2016-10074 CRITICAL POC PATCH THREAT Act Now

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Command Injection RCE Swiftmailer
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
75.5%
Threat
5.7
CVE-2016-10082 CRITICAL PATCH Act Now

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Authentication Bypass Serendipity
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-10085 HIGH PATCH This Week

admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Piwigo
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2016-10084 HIGH PATCH This Week

admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Piwigo
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2016-10088 HIGH PATCH This Week

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-10083 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy