 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2006-1015 |
| Description: | Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-1015 BugTraq ID: 16878 http://www.securityfocus.com/bid/16878 Bugtraq: 20060301 Re: (PHP) mb_send_mail security bypass (Google Search) http://www.securityfocus.com/archive/1/426497/100/0/threaded http://secunia.com/advisories/19979 http://securityreason.com/securityalert/517 SuSE Security Announcement: SUSE-SA:2006:024 (Google Search) http://www.novell.com/linux/security/advisories/05-05-2006.html |