Date: Tue, 27 Dec 2016 09:19:28 -0500
From: Michael Hess <mlhess@...ch.edu>
To: oss-security@...ts.openwall.com
Subject: Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

David,
You might want to hold off on releasing this until WordPress has a patch out.

https://core.trac.wordpress.org/ticket/37210

Michael

On Tue, Dec 27, 2016 at 6:45 AM, Dawid Golunski <dawid@...alhackers.com> wrote:
> PHPMailer < 5.2.18 Remote Code Execution
> CVE-2016-10033
>
> Attaching an updated version of the advisory with more details + simple PoC.
>
> Still incomplete. There will be more updates/exploits soon at:
>
> https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
>
> https://twitter.com/dawid_golunski
>
> --
> Regards,
> Dawid Golunski
> https://legalhackers.com
> t: @dawid_golunski
