All the vulnerabilities related to squirrelmail - squirrelmail
Vulnerability from fkie_nvd
Published
2017-04-20 14:59
Modified
2024-11-21 03:32
Summary
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.4.22
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "C7C38706-0DAB-45C2-8D50-9EE10930A7D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It\u0027s possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn\u0027t escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it\u0027s possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the \"Options \u003e Personal Informations \u003e Email Address\" setting." }, { "lang": "es", "value": "SquirrelMail versi\u00f3n 1.4.22 (y otras versiones anteriores a 20170427_0200-SVN), permite la ejecuci\u00f3n de c\u00f3digo remota de autenticaci\u00f3n posterior por medio de un archivo sendmail.cf que es manejado inapropiadamente en una llamada emergente. Es posible explotar esta vulnerabilidad para ejecutar comandos de shell arbitrarios en el servidor remoto. 
El problema est\u00e1 en el archivo Deliver_SendMail.class.php con la funci\u00f3n initStream que usa escapeshellcmd() para sanear el comando sendmail antes de ejecutarlo. El uso de escapeshellcmd() no es correcto en este caso, ya que no escapa de espacios en blanco, lo que permite la inyecci\u00f3n de par\u00e1metros de comando arbitrario. El problema est\u00e1 en -f$envelopefrom dentro de la l\u00ednea de comando de sendmail. Por lo tanto, si el servidor de destino usa sendmail y SquirrelMail est\u00e1 configurado para usarlo como un programa de l\u00ednea de comandos, es posible enga\u00f1ar a sendmail para que use un archivo de configuraci\u00f3n proporcionado por un atacante que activa la ejecuci\u00f3n de un comando arbitrario. Para su explotaci\u00f3n, el atacante debe cargar un archivo sendmail.cf como un archivo adjunto de correo electr\u00f3nico e inyectar el nombre de archivo sendmail.cf con la opci\u00f3n -C dentro de la configuraci\u00f3n \"Options ) Personal Information ) Email Address\"." 
} ], "id": "CVE-2017-7692", "lastModified": "2024-11-21T03:32:28.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-20T14:59:00.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/04/19/6" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2017/04/27/1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3852" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/98067" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038312" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201709-13" }, { "source": "cve@mitre.org", "url": 
"https://www.exploit-db.com/exploits/41910/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/04/19/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2017/04/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201709-13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/41910/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-10 00:30
Modified
2024-11-21 00:33
Summary
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | gpg_plugin | 2.0
squirrelmail | squirrelmail | 1.4.10a
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA23CE0F-9CD1-41BC-8DAE-BBAFD5FBFA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow \"local authenticated users\" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el plugin G/PGP (GPG) versiones anteriores a 2.1 para Squirrelmail, podr\u00edan permitir a \"local authenticated users\" inyectar ciertos comandos por medio de vectores no especificados. NOTA: esto podr\u00eda solaparse con CVE-2005-1924, CVE-2006-4169 o CVE-2007-3634." 
} ], "id": "CVE-2007-3635", "lastModified": "2024-11-21T00:33:42.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-10T00:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/45789" }, { "source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/plugin_view.php?id=153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/plugin_view.php?id=153" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.", "lastModified": "2007-07-10T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Summary
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "03ACCA23-A7AF-4879-8750-89238D49EFCC", "versionEndIncluding": "1.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php." } ], "id": "CVE-2002-1131", "lastModified": "2024-11-20T23:40:39.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=311\u0026release_id=110774" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2002/dsa-191" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10145.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5763" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=311\u0026release_id=110774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2002/dsa-191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10145.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5763" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 11:15
Modified
2024-11-21 04:23
Summary
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | *
squirrelmail | squirrelmail | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "D65DD2CD-1219-44CB-87F2-1C15CB984576", "versionEndIncluding": "1.5.2", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element." }, { "lang": "es", "value": "Se detect\u00f3 un XSS en SquirrelMail hasta la versi\u00f3n 1.4.22 y versi\u00f3n 1.5.x hasta 1.5.2. Debido al manejo inapropiado de los elementos de tipo RCDATA y RAWTEXT, el mecanismo de saneamiento incorporado puede ser omitido. El contenido de script malicioso del correo electr\u00f3nico HTML puede ejecutarse dentro del contexto de la aplicaci\u00f3n por medio de la utilizaci\u00f3n creada de (por ejemplo) un elemento NOEMBED, NOFRAMES, NOSCRIPT o TEXTAREA." 
} ], "id": "CVE-2019-12970", "lastModified": "2024-11-21T04:23:55.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T11:15:09.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/0" }, { "source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Jul/50" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], 
"url": "http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jul/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jul/50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Summary
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE87803-6C17-4FC8-9091-920E25E28C3B", "versionEndIncluding": "1.4.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "75E2349D-4B4C-469C-82CE-09C4B526BCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "BD44ECE5-7C33-4200-9F36-2E8D5D7DB2D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \\n (newline) character, a different vulnerability than CVE-2010-4555." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF (se refiere a CR (retorno de carro) y LF (salto de l\u00ednea)en SquirrelMail v1.4.21 y anteriores, que permite a atacantes remotos modificar o a\u00f1adir valores de preferencia a trav\u00e9s de un retorno de carro o nueva l\u00ednea de car\u00e1cter.\r\nEs una vulnerabilidad diferente a CVE-2010-4555." } ], "id": "CVE-2011-2752", "lastModified": "2024-11-21T01:28:53.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-17T20:55:01.797", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68587" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-13 23:19
Modified
2024-11-21 00:31
Summary
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C849FC4-0D96-4537-B2E6-1B0287128EDA", "versionEndIncluding": "1.4.8.4fc6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en SquirrelMail 1.4.8-4.fc6 y anteriores permite a atacantes remotos realizar acciones no especificada en usuarios de su elecci\u00f3n a trav\u00e9s de vectores no especificados. NOTA: Este asunto podr\u00eda solaparse con CVE-2007-2589 o CVE-2002-1648." } ], "id": "CVE-2007-2631", "lastModified": "2024-11-21T00:31:16.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-13T23:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35890" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468220/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468253/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://osvdb.org/35890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468220/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468253/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-05 18:29
Modified
2024-11-21 03:50
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cmath\u003e\u003cmaction xlink:href=\" attack." }, { "lang": "es", "value": "La p\u00e1gina de visualizaci\u00f3n de mensajes de email en SquirrelMail hasta la versi\u00f3n 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque \"" } ], "id": "CVE-2018-14952", "lastModified": "2024-11-21T03:50:09.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-05T18:29:00.770", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { 
"source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-25 17:30
Modified
2024-11-21 01:06
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "233C72FD-F76C-4192-8981-72757E4E093E", "versionEndIncluding": "1.4.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "80FE1297-04B7-4F1D-B932-1015EE3070C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": 
"5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*", "matchCriteriaId": "0F28456D-EA59-4900-AEAD-F8CB06F5129D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D58980B8-6D4B-4E90-8410-80FDD7CF15C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) 
src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en SquirrelMail v1.4.19 y anteriores permite a atacantes remotos secuestrar la autenticacion de victimas inespecificas a traves de caracteristicas tales como \"enviar mensaje\" y \"cambiar preferencias\", relacionado con (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, y (17) src/vcard.php." 
} ], "id": "CVE-2009-2964", "lastModified": "2024-11-21T01:06:10.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-08-25T17:30:01.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818" }, { "source": "cve@mitre.org", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN30881447/index.html" }, { "source": "cve@mitre.org", "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/60469" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34627" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36363" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/37415" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40220" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40964" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4188" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2091" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/57001" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36196" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-08-12" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2262" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406" }, { "source": "cve@mitre.org", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN30881447/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818\u0026view=markup\u0026pathrev=13818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/57001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36196" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-08-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-18 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.2.6
squirrelmail | squirrelmail | 1.2.7
squirrelmail | squirrelmail | 1.2.8
squirrelmail | squirrelmail | 1.2.9
squirrelmail | squirrelmail | 1.2.10
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en read_body.php de SquirrelMail 1.2.10, 1.2.9, y anteriores, permite a atacantes remotos la inserci\u00f3n de rutinas y c\u00f3digo HTML mediante:\r\n\r\nmailbox\r\npar\u00e1metros passed_id" } ], "id": "CVE-2002-1341", "lastModified": "2024-11-20T23:41:04.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-18T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://f0kp.iplus.ru/bz/008.txt" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103893844126484\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103911130503272\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104004924002662\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8220" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2002/dsa-220" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6302" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://f0kp.iplus.ru/bz/008.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103893844126484\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103911130503272\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104004924002662\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2002/dsa-220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-10 00:30
Modified
2024-11-21 00:33
Severity ?
Summary
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | gpg_plugin | 2.0
squirrelmail | squirrelmail | 1.4.10a
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA23CE0F-9CD1-41BC-8DAE-BBAFD5FBFA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en G/PGP (GPG) Plugin 2.1 para Squirrelmail permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no especificados. NOTA: esta informaci\u00f3n est\u00e1 basada en un pre-aviso poco preciso de un investigador creible." 
} ], "id": "CVE-2007-3636", "lastModified": "2024-11-21T00:33:42.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-10T00:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/45790" }, { "source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24828" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.", "lastModified": "2007-07-10T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-14 17:30
Modified
2024-11-21 01:02
Severity ?
Summary
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2FF0DF6-AEEC-4099-B1C4-19EDC1FDD564", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23AEC37-88CE-488D-B9D2-2B0322D0FC8A", "versionEndIncluding": "1.4.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", 
"matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application\u0027s content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message." 
}, { "lang": "es", "value": "functions/mime.php en SquirrelMail versiones anteriores a v1.4.18 no protege el contenido de la aplicaci\u00f3n de Cascading Style Sheets (CSS) posicionado en mensajes de correo HTML, lo cual permite a atacantes remotos falsear la interfaz de usuario, y conducir ataques de secuencias de comandos en sitios cruzados (XSS) y phishing, a trav\u00e9s de mensajes manipulados." } ], "id": "CVE-2009-1581", "lastModified": "2024-11-21T01:02:49.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-05-14T17:30:00.733", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35140" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35259" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40220" }, { "source": "cve@mitre.org", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "cve@mitre.org", "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667" }, { "source": "cve@mitre.org", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4188" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34916" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/security/issue/2009-05-12" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/35052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/security/issue/2009-05-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-29 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.0.4
squirrelmail | squirrelmail | 1.0.5
squirrelmail | squirrelmail | 1.2.0
squirrelmail | squirrelmail | 1.2.1
squirrelmail | squirrelmail | 1.2.2
squirrelmail | squirrelmail | 1.2.3
squirrelmail | squirrelmail | 1.2.4
squirrelmail | squirrelmail | 1.2.5
squirrelmail | squirrelmail | 1.2.6
squirrelmail | squirrelmail | 1.2.7
squirrelmail | squirrelmail | 1.2.8
squirrelmail | squirrelmail | 1.2.9
squirrelmail | squirrelmail | 1.2.10
squirrelmail | squirrelmail | 1.2.11
squirrelmail | squirrelmail | 1.4
squirrelmail | squirrelmail | 1.4.0
squirrelmail | squirrelmail | 1.4.1
squirrelmail | squirrelmail | 1.4.2
squirrelmail | squirrelmail | 1.4.3
squirrelmail | squirrelmail | 1.4.3_rc1
squirrelmail | squirrelmail | 1.4.3a
squirrelmail | squirrelmail | 1.44
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables." 
} ], "id": "CVE-2005-0104", "lastModified": "2024-11-20T23:54:25.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13962/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14096" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-662" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-20" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19036" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13962/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-20 13:15
Modified
2024-11-21 05:04
Severity ?
Summary
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/06/20/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/06/20/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.22 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "C7C38706-0DAB-45C2-8D50-9EE10930A7D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php." }, { "lang": "es", "value": "El archivo compose.php en SquirrelMail versi\u00f3n 1.4.22, invoca la falta de serializaci\u00f3n del valor de $mailtodata, que se origina a partir de una petici\u00f3n HTTP GET. Esto est\u00e1 relacionado con mailto.php" } ], "id": "CVE-2020-14932", "lastModified": "2024-11-21T05:04:27.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-20T13:15:10.400", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://www.openwall.com/lists/oss-security/2020/06/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-23 00:02
Modified
2024-11-21 00:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "F871A9BC-DEDF-4175-9130-BA787638BE30", "versionEndIncluding": "1.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter." }, { "lang": "es", "value": "" } ], "id": "CVE-2006-3174", "lastModified": "2024-11-21T00:12:59.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-23T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26610" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18700" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25159" }, { 
"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26941" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has not been able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability.", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-22 20:30
Modified
2024-11-21 01:02
Severity ?
Summary
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | imap_general.php | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.6-rc1 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4.0 | |
squirrelmail | squirrelmail | 1.4.0-r1 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.2-r1 | |
squirrelmail | squirrelmail | 1.4.2-r2 | |
squirrelmail | squirrelmail | 1.4.2-r3 | |
squirrelmail | squirrelmail | 1.4.2-r4 | |
squirrelmail | squirrelmail | 1.4.2-r5 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail1.4.19-1 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:imap_general.php:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "181400A1-714E-4CC1-A8C4-071C4C7ADAB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "80FE1297-04B7-4F1D-B932-1015EE3070C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*", "matchCriteriaId": "0F28456D-EA59-4900-AEAD-F8CB06F5129D", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail1.4.19-1:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1EC97E5-CD9F-42F9-B2B5-E5909339CC40", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579." 
}, { "lang": "es", "value": "La funci\u00f3n map_yp_alias en functions/imap_general.php en SquirrelMail anteriores a v1.4.19-1 en Debian GNU/Linux, y posiblemente otras versiones y sistemas operativos, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres shell en una cadena de nombre de usuario, que es usada por el programa ypmatch. NOTA: Esta caracter\u00edstica existe por una resoluci\u00f3n deficiente de la vulnerabilidad CVE-2009-1579." } ], "id": "CVE-2009-1381", "lastModified": "2024-11-21T01:02:20.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-05-22T20:30:00.703", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35140" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:122" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/503718/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html" }, { "source": "secalert@redhat.com", 
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/503718/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of squirrelmail as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n\nUpdates for squirrelmail released via RHSA-2009:1066 (https://rhn.redhat.com/errata/RHSA-2009-1066.html) fixed original flaw CVE-2009-1579 without introducing CVE-2009-1381.", "lastModified": "2009-05-26T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2024-11-20 23:44
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C074F72-1E2A-4ED9-90B5-80F2D7905B33", "versionEndIncluding": "1.2.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client\u0027s web browser." } ], "id": "CVE-2003-0160", "lastModified": "2024-11-20T23:44:06.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-04-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953\u0026forum_id=1988" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-112.html" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953\u0026forum_id=1988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-112.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-10 00:30
Modified
2024-11-21 00:33
Severity ?
Summary
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | gpg_plugin | 2.0 | |
squirrelmail | squirrelmail | 1.4.10a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA23CE0F-9CD1-41BC-8DAE-BBAFD5FBFA34", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." }, { "lang": "es", "value": "Una vulnerabilidad no especificada en el plugin G/PGP (GPG) versi\u00f3n 2.0 para Squirrelmail versi\u00f3n 1.4.10a, permite a usuarios autenticados remotoss ejecutar comandos arbitrarios por medio de vectores no especificados, posiblemente relacionados con la variable passphrase en la funci\u00f3n gpg_sign_attachment, tambi\u00e9n se conoce como ZD-0000000004. Esta informaci\u00f3n est\u00e1 basada en un aviso vago de una organizaci\u00f3n de ventas de informaci\u00f3n sobre vulnerabilidades que no coordina con los proveedores o publica avisos procesables. Ha sido asignado un CVE con fines de seguimiento, pero duplicidades con otros CVE son dif\u00edciles de determinar." 
} ], "id": "CVE-2007-3634", "lastModified": "2024-11-21T00:33:42.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-10T00:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" }, { "source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html" }, { "source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/45788" }, { "source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24782" }, { "source": "cve@mitre.org", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.", "lastModified": "2007-07-10T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-17 14:29
Modified
2024-11-21 04:14
Severity ?
Summary
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.22 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "C7C38706-0DAB-45C2-8D50-9EE10930A7D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php." }, { "lang": "es", "value": "Un error de salto de directorio en SquirrelMail 1.4.22 permite que un atacante autenticado exfiltre (o elimine) archivos del servidor que los aloja. Esto est\u00e1 relacionado con ../ en el campo att_local_name en Deliver.class.php." 
} ], "id": "CVE-2018-8741", "lastModified": "2024-11-21T04:14:15.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-17T14:29:00.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/17/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040554" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/17/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4168" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-18 11:48
Modified
2024-11-21 01:38
Severity ?
Summary
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | - | |
redhat | enterprise_linux | 4 | |
redhat | enterprise_linux | 5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F4C8AC6-80BA-456F-997B-FC38A8E2F060", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", "matchCriteriaId": "CA2C244C-82F6-49BC-B7F7-54AB989C43E8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813." }, { "lang": "es", "value": "functions/imap_general.php en SquirrelMail, tal y como se usa en Red Hat Enterprise Linux (RHEL) v4 y v5 no trata correctamente los caracteres de 8 bits en las contrase\u00f1as, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por excesivo consumo de disco) haciendo muchos intentos de acceso IMAP con diferentes nombres de usuario, lo que lleva a la creaci\u00f3n de muchos archivos de preferencias. NOTA: este problema existe debido a una reparaci\u00f3n incorrecta al CVE-2010-2813." 
} ], "id": "CVE-2012-2124", "lastModified": "2024-11-21T01:38:32.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-18T11:48:39.840", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0126.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51730" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/20/22" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/20/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814671" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-02 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/6775.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2968 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.squirrelmail.org/changelog.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/6775.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2968 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squirrelmail.org/changelog.php |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP." } ], "id": "CVE-2001-1159", "lastModified": "2024-11-20T23:37:01.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/6775.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2968" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/changelog.php" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/6775.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/changelog.php" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-06 20:06
Modified
2024-11-21 00:12
Severity ?
Summary
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that SquirrelMail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * | |
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.0 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_r3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.4.4 | |
squirrelmail | squirrelmail | 1.4.4_rc1 | |
squirrelmail | squirrelmail | 1.4.5 | |
squirrelmail | squirrelmail | 1.4.6_rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "72558D26-AFC8-450A-9642-7A657119DED8", "versionEndIncluding": "1.4.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", 
"matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. 
However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable" } ], "evaluatorSolution": "Successful exploitation requires that \"register_globals\" is enabled and \"magic_quotes_gpc\" is disabled.", "id": "CVE-2006-2842", "lastModified": "2024-11-21T00:12:13.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-06T20:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20406" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20931" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21159" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21262" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016209" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16\u0026r2=1.27.2.17\u0026view=patch\u0026pathrev=SM-1_4-STABLE" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0547.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435605/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18231" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/security/issue/2006-06-01" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2101" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/21262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16\u0026r2=1.27.2.17\u0026view=patch\u0026pathrev=SM-1_4-STABLE" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0547.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435605/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/security/issue/2006-06-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open_webmail | open_webmail | 2.30 | |
open_webmail | open_webmail | 2.31 | |
open_webmail | open_webmail | 2.32 | |
sgi | propack | 3.0 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.5_dev |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*", "matchCriteriaId": "49EA7F58-14C6-4860-B276-46C9FCF91B2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elecci\u00f3n mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php." 
} ], "id": "CVE-2004-0520", "lastModified": "2024-11-20T23:48:46.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11870" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12289" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/advisories/6827" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10439" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-24 00:02
Modified
2024-11-21 00:05
Severity ?
Summary
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_r3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.4.4 | |
squirrelmail | squirrelmail | 1.4.4_rc1 | |
squirrelmail | squirrelmail | 1.4.5 | |
squirrelmail | squirrelmail | 1.4.6_rc1 | |
squirrelmail | squirrelmail | 1.4_rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { 
"lang": "en", "value": "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS." } ], "id": "CVE-2006-0188", "lastModified": "2024-11-21T00:05:52.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-24T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18985" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19130" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19131" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19176" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19205" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19960" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20210" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015662" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-988" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16756" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/security/issue/2006-02-01" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-988" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/security/issue/2006-02-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Summary
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag." } ], "id": "CVE-2002-1649", "lastModified": "2024-11-20T23:41:48.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3956" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/3956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-01 05:00
Modified
2024-11-20 23:49
Summary
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 | |
squirrelmail | squirrelmail | 1.2 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.5_dev | |
gentoo | linux | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*", "matchCriteriaId": "49EA7F58-14C6-4860-B276-46C9FCF91B2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML." 
} ], "id": "CVE-2004-1036", "lastModified": "2024-11-20T23:49:57.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000905" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110012133608004\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18031" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110012133608004\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-22 17:30
Modified
2024-11-21 01:14
Summary
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * | |
fedoraproject | fedora | 11 | |
fedoraproject | fedora | 12 | |
fedoraproject | fedora | 13 | |
apple | mac_os_x | * | |
apple | mac_os_x_server | * | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_workstation | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C85CDDA-ED8F-4878-807D-D725E83354F9", "versionEndIncluding": "1.4.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "5472AEFC-EA25-49B1-AA2B-8405099B4FBE", "versionEndExcluding": "10.6.8", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD16A092-B263-400F-BD7E-94DEB5D57EDB", "versionEndExcluding": "10.6.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal 
networks via a modified POP3 port number." }, { "lang": "es", "value": "El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un n\u00famero de puerto POP3 modificado." } ], "id": "CVE-2010-1637", "lastModified": "2024-11-21T01:14:51.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2010-06-22T17:30:01.103", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40307" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://squirrelmail.org/security/issue/2010-06-21" }, { "source": "secalert@redhat.com", "tags": [ "Product" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951\u0026r2=13950\u0026pathrev=13951" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951\u0026r2=13950\u0026pathrev=13951" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5130" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:120" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/25/3" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/25/9" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/06/21/1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securityfocus.com/bid/40291" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/40307" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1535" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1536" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://squirrelmail.org/security/issue/2010-06-21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Product" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951\u0026r2=13950\u0026pathrev=13951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951\u0026r2=13950\u0026pathrev=13951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/25/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/25/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/06/21/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/40291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/40307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1554" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-14 23:55
Modified
2024-11-21 01:21
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE87803-6C17-4FC8-9091-920E25E28C3B", "versionEndIncluding": "1.4.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "75E2349D-4B4C-469C-82CE-09C4B526BCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "BD44ECE5-7C33-4200-9F36-2E8D5D7DB2D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the \u003e (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail v1.4.21 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores que comprenden (1) listas desplegables de selecci\u00f3n, (2) caracter \u003e (mayor que) en el plugin SquirrelSpell spellchecking, y (3) errores asociados con la p\u00e1gina Index Order (tambi\u00e9n conocido como options_order)" } ], "id": "CVE-2010-4555", "lastModified": "2024-11-21T01:21:12.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-14T23:55:01.707", "references": [ { "source": 
"cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision\u0026revision=14119" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5130" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720694" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68510" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision\u0026revision=14119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68511" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published: 2010-08-19 18:00
Modified: 2024-11-21 01:17
Summary
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C85CDDA-ED8F-4878-807D-D725E83354F9", "versionEndIncluding": "1.4.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*", "matchCriteriaId": "0F28456D-EA59-4900-AEAD-F8CB06F5129D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D58980B8-6D4B-4E90-8410-80FDD7CF15C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files." }, { "lang": "es", "value": "functions/imap_general.php en SquirrelMail anterior a v1.4.21 no maneja adecuadamente los caracteres de 8-bits en contrase\u00f1as, lo cual permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de disco) realizando muchos intentos de inicio de sesi\u00f3n IMAP con diferentes nombres de usuario, llevando a la creaci\u00f3n de muchos ficheros de preferencias." 
} ], "id": "CVE-2010-2813", "lastModified": "2024-11-21T01:17:25.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-19T18:00:05.657", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40964" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40971" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://squirrelmail.org/security/issue/2010-07-23" }, { "source": "cve@mitre.org", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch\u0026r1=13972\u0026r2=13971\u0026pathrev=13972" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5130" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2091" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/42399" }, { "source": "cve@mitre.org", 
"tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2070" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://squirrelmail.org/security/issue/2010-07-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch\u0026r1=13972\u0026r2=13971\u0026pathrev=13972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published: 2006-02-24 00:02
Modified: 2024-11-21 00:05
Summary
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_r3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.4.4 | |
squirrelmail | squirrelmail | 1.4.4_rc1 | |
squirrelmail | squirrelmail | 1.4.5 | |
squirrelmail | squirrelmail | 1.4.6_rc1 | |
squirrelmail | squirrelmail | 1.4_rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { 
"lang": "en", "value": "Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) \"/*\" and \"*/\" comments, or (2) a newline in a \"url\" specifier, which is processed by certain web browsers including Internet Explorer." } ], "id": "CVE-2006-0195", "lastModified": "2024-11-21T00:05:53.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-24T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18985" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19130" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19131" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19176" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19205" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19960" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20210" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015662" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-988" }, { "source": "cve@mitre.org", "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16756" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/security/issue/2006-02-10" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015662" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/security/issue/2006-02-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-11 04:20
Modified
2024-11-21 00:31
Summary
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.0 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_r3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.4.3aa | |
squirrelmail | squirrelmail | 1.4.4 | |
squirrelmail | squirrelmail | 1.4.4_rc1 | |
squirrelmail | squirrelmail | 1.4.5 | |
squirrelmail | squirrelmail | 1.4.6 | |
squirrelmail | squirrelmail | 1.4.6_cvs | |
squirrelmail | squirrelmail | 1.4.6_rc1 | |
squirrelmail | squirrelmail | 1.4.7 | |
squirrelmail | squirrelmail | 1.4.8 | |
squirrelmail | squirrelmail | 1.4.9 | |
squirrelmail | squirrelmail | 1.4.9a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", 
"matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el compose.php del SquirrelMail 1.4.0 hasta la 1.4.9a permite a atacantes remotos enviar correos electr\u00f3nicos desde usuarios de su elecci\u00f3n, a trav\u00e9s de determinados datos en el atributo SRC de un elemento IMG." 
} ], "id": "CVE-2007-2589", "lastModified": "2024-11-21T00:31:10.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-05-11T04:20:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35889" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25200" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25320" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25787" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:106" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/security/issue/2007-05-09" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1748" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34219" }, { 
"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448" }, { "source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2007-0358.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/security/issue/2007-05-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2007-0358.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-05 18:29
Modified
2024-11-21 03:50
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cmath xlink:href=\" attack." }, { "lang": "es", "value": "La p\u00e1gina de visualizaci\u00f3n de mensajes de email en SquirrelMail hasta la versi\u00f3n 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque \"" } ], "id": "CVE-2018-14953", "lastModified": "2024-11-21T03:50:09.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-05T18:29:00.817", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": 
"cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2024-11-21 00:58
Summary
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users\u0027 folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663." }, { "lang": "es", "value": "Un parche para Red Hat SquirrelMail v1.4.8 establece el mismo valor de la cookie SQMSESSID para todas las sesiones, lo que permite a usuarios autenticados remotamente acceder a las listas de carpetas y datos de configuraci\u00f3n de otros usuarios en circunstancias oportunas utilizando la interfaz est\u00e1ndar de webmail.php. NOTA: esta vulnerabilidad existe debido a un parche incorrecto para CVE-2008-3663." 
} ], "id": "CVE-2009-0030", "lastModified": "2024-11-21T00:58:54.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-21T20:30:00.407", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33611" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1021611" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/33354" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480224" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480488" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48115" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-0057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securitytracker.com/id?1021611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-0057.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-14 23:55
Modified
2024-11-21 01:21
Summary
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE87803-6C17-4FC8-9091-920E25E28C3B", "versionEndIncluding": "1.4.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "75E2349D-4B4C-469C-82CE-09C4B526BCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "BD44ECE5-7C33-4200-9F36-2E8D5D7DB2D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site." }, { "lang": "es", "value": "functions/page_header.php en SquirrelMail v1.4.21 y anteriores no previene el renderizado de p\u00e1ginas dentro de un marco en un documento HTML de terceros, haci\u00e9ndolo m\u00e1s f\u00e1cil a atacantes remotos para realizar ataques de clickjacking mediante un sitio web manipulado." } ], "id": "CVE-2010-4554", "lastModified": "2024-11-21T01:21:12.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-14T23:55:01.660", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch\u0026r1=14117\u0026r2=14116\u0026pathrev=14117" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5130" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-12" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720693" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch\u0026r1=14117\u0026r2=14116\u0026pathrev=14117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68512" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-14 17:30
Modified
2024-11-21 01:02
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2FF0DF6-AEEC-4099-B1C4-19EDC1FDD564", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23AEC37-88CE-488D-B9D2-2B0322D0FC8A", "versionEndIncluding": "1.4.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", 
"matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail versiones anteriores a v1.4.18 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s de vectores envueltos en (1) determinadas cadenas encriptadas en cabeceras de correos electr\u00f3nicos, relacionado con contrib/decrypt_headers.php; (2) PHP_SELF; y (3) la cadena \"query\" (tambi\u00e9n conocido como QUERY_STRING)." } ], "id": "CVE-2009-1578", "lastModified": "2024-11-21T01:02:49.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-05-14T17:30:00.657", "references": [ { "source": "cve@mitre.org", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/60468" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35140" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35259" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/37415" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40220" }, { "source": "cve@mitre.org", "tags": [ 
"Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672\u0026r2=13671\u0026pathrev=13672" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670\u0026r2=13669\u0026pathrev=13670" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13670" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13672" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4188" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34916" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-08" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-09" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "cve@mitre.org", 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" }, { "source": "cve@mitre.org", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672\u0026r2=13671\u0026pathrev=13672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670\u0026r2=13669\u0026pathrev=13670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/1296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-09-24 14:56
Modified
2024-11-21 00:49
Summary
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.4.15
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." }, { "lang": "es", "value": "Squirrelmail 1.4.15 no establece la bandera de seguridad para la cookie de sesi\u00f3n en una sesi\u00f3n https, lo que podr\u00eda provocar que la cookie pudiera ser enviada en peticiones http y facilitar a atacantes remotos capturar esta cookie." } ], "id": "CVE-2008-3663", "lastModified": "2024-11-21T00:49:49.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-24T14:56:52.537", "references": [ { "source": "cve@mitre.org", "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/33937" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4304" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3438" }, { "source": "cve@mitre.org", "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31321" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been fixed in the affected Red Hat Enterprise Linux versions via: https://rhn.redhat.com/errata/RHSA-2009-0010.html", "lastModified": "2009-01-12T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-24 05:00
Modified
2024-11-20 23:54
Summary
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.0.4
squirrelmail | squirrelmail | 1.0.5
squirrelmail | squirrelmail | 1.2.0
squirrelmail | squirrelmail | 1.2.1
squirrelmail | squirrelmail | 1.2.2
squirrelmail | squirrelmail | 1.2.3
squirrelmail | squirrelmail | 1.2.4
squirrelmail | squirrelmail | 1.2.5
squirrelmail | squirrelmail | 1.2.6
squirrelmail | squirrelmail | 1.2.7
squirrelmail | squirrelmail | 1.2.8
squirrelmail | squirrelmail | 1.2.9
squirrelmail | squirrelmail | 1.2.10
squirrelmail | squirrelmail | 1.2.11
squirrelmail | squirrelmail | 1.4
squirrelmail | squirrelmail | 1.4.0
squirrelmail | squirrelmail | 1.4.1
squirrelmail | squirrelmail | 1.4.2
squirrelmail | squirrelmail | 1.4.3
squirrelmail | squirrelmail | 1.4.3_rc1
squirrelmail | squirrelmail | 1.4.3a
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code." 
} ], "id": "CVE-2005-0103", "lastModified": "2024-11-20T23:54:25.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-24T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13962/" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19037" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13962/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-05 18:29
Modified
2024-11-21 03:50
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute." }, { "lang": "es", "value": "La p\u00e1gina de visualizaci\u00f3n de mensajes de email en SquirrelMail hasta la versi\u00f3n 1.4.22 tiene Cross-Site Scripting (XSS) mediante el atributo formaction." } ], "id": "CVE-2018-14954", "lastModified": "2024-11-21T03:50:10.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-05T18:29:00.880", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": 
"cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-29 05:00
Modified
2024-11-20 23:54
Summary
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.0 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers." 
} ], "id": "CVE-2005-0075", "lastModified": "2024-11-20T23:54:21.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13962/" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-14" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13962/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-06-16 04:00
Modified
2024-11-20 23:58
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.44 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message." 
} ], "id": "CVE-2005-1769", "lastModified": "2024-11-20T23:58:05.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-06-16T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=111893827711390\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2005/dsa-756" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:108" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-595.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-06-15" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111893827711390\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2005-06-15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-05 11:28
Modified
2024-11-21 00:21
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_r3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3aa | |
squirrelmail | squirrelmail | 1.4.4 | |
squirrelmail | squirrelmail | 1.4.4_rc1 | |
squirrelmail | squirrelmail | 1.4.5 | |
squirrelmail | squirrelmail | 1.4.6 | |
squirrelmail | squirrelmail | 1.4.6_cvs | |
squirrelmail | squirrelmail | 1.4.6_rc1 | |
squirrelmail | squirrelmail | 1.4.7 | |
squirrelmail | squirrelmail | 1.4_rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", 
"matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"" }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.0 hasta 1.4.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) par\u00e1metro mailto en (a) webmail.php, los par\u00e1metros (2) session y (3) delete_draft en (b) compose.php, y (4) vectores no especificados implicando \"a shortcoming in the magicHTML filter.\"" } ], "id": "CVE-2006-6142", "lastModified": "2024-11-21T00:21:58.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-05T11:28:00.000", 
"references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2438" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2439" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23195" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23322" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23409" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23504" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23811" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24004" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017327" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=468482" }, { "source": "cve@mitre.org", "url": "http://squirrelmail.org/security/issue/2006-12-02" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1241" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21414" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/25159" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4828" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-849" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/24284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=468482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.org/security/issue/2006-12-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://issues.rpath.com/browse/RPL-849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-11 21:04
Modified
2024-11-21 00:14
Summary
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.4.0
squirrelmail | squirrelmail | 1.4.1
squirrelmail | squirrelmail | 1.4.2
squirrelmail | squirrelmail | 1.4.3
squirrelmail | squirrelmail | 1.4.3_r3
squirrelmail | squirrelmail | 1.4.3_rc1
squirrelmail | squirrelmail | 1.4.3a
squirrelmail | squirrelmail | 1.4.4
squirrelmail | squirrelmail | 1.4.4_rc1
squirrelmail | squirrelmail | 1.4.5
squirrelmail | squirrelmail | 1.4.6
squirrelmail | squirrelmail | 1.4.6_rc1
squirrelmail | squirrelmail | 1.4.7
squirrelmail | squirrelmail | 1.4_rc1
squirrelmail | squirrelmail | 1.44
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users." }, { "lang": "es", "value": "Vulnerabilidad de evaluaci\u00f3n de variable din\u00e1mica en compose.php en SquirrelMail 1.4.0 hasta la versi\u00f3n 1.4.7 permite a atacantes remotos sobreescribir variables del programa arbitrarias y leer o escribir los archivos adjuntos y preferencias de otros usuarios." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSquirrelMail, SquirrelMail, 1.4.8", "id": "CVE-2006-4019", "lastModified": "2024-11-21T00:14:57.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-11T21:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-August/000970.html" }, { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=115532449024178\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21354" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21444" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21586" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22080" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22104" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22487" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235" }, { "source": "cve@mitre.org", "url": 
"http://securitytracker.com/id?1016689" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1154" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27917" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0668.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/442980/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/442993/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19486" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/security/issue/2006-08-11" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3271" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-577" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-August/000970.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=115532449024178\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0668.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442980/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442993/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/19486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/security/issue/2006-08-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Summary
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.2.0
squirrelmail | squirrelmail | 1.2.1
squirrelmail | squirrelmail | 1.2.2
squirrelmail | squirrelmail | 1.2.3
squirrelmail | squirrelmail | 1.2.4
squirrelmail | squirrelmail | 1.2.5
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) \"\u003c\u003cscript\" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag." 
} ], "id": "CVE-2002-2086", "lastModified": "2024-11-20T23:42:50.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=544658\u0026group_id=311\u0026atid=100311" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=545933\u0026group_id=311\u0026atid=100311" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/4666" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/4667" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/changelog.php" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=544658\u0026group_id=311\u0026atid=100311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=545933\u0026group_id=311\u0026atid=100311" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/4666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/4667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Summary
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.2.2
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter." } ], "id": "CVE-2002-1650", "lastModified": "2024-11-20T23:41:48.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7990" } ], "sourceIdentifier": 
"cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-14 17:30
Modified
2024-11-21 01:02
Summary
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23AEC37-88CE-488D-B9D2-2B0322D0FC8A", "versionEndIncluding": "1.4.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en SquirrelMail versiones anteriores a v1.4.18 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de una cookie manipulada." 
} ], "id": "CVE-2009-1580", "lastModified": "2024-11-21T01:02:49.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-05-14T17:30:00.703", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35140" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40220" }, { "source": "cve@mitre.org", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13676" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4188" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34916" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.squirrelmail.org/security/issue/2009-05-11" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://support.apple.com/kb/HT4188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-05 18:29
Modified
2024-11-21 03:50
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003csvg\u003e\u003ca xlink:href=\" attack." }, { "lang": "es", "value": "La p\u00e1gina de visualizaci\u00f3n de mensajes de email en SquirrelMail hasta la versi\u00f3n 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque \"" } ], "id": "CVE-2018-14950", "lastModified": "2024-11-21T03:50:09.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-05T18:29:00.677", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": 
"cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:49
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open_webmail | open_webmail | 2.30 | |
open_webmail | open_webmail | 2.31 | |
open_webmail | open_webmail | 2.32 | |
sgi | propack | 3.0 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.5_dev |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*", "matchCriteriaId": "49EA7F58-14C6-4860-B276-46C9FCF91B2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script de su elecci\u00f3n mediante (1) la variable $mailer en read_body.php, (2) la variable $senderNames_part en mailbox_display.php, y posiblemente otros vectores,incluyendo (3) la variable $event_text." } ], "id": "CVE-2004-0639", "lastModified": "2024-11-20T23:49:02.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10450" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108611554415078\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16285" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Summary
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "03ACCA23-A7AF-4879-8750-89238D49EFCC", "versionEndIncluding": "1.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script." } ], "id": "CVE-2002-1132", "lastModified": "2024-11-20T23:40:40.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-191" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10345.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10345.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5949" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Summary
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters." } ], "id": "CVE-2002-1648", "lastModified": "2024-11-20T23:41:48.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/3956" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/3956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.\n", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-24 00:02
Modified
2024-11-21 00:06
Summary
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_r3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.4.4 | |
squirrelmail | squirrelmail | 1.4.4_rc1 | |
squirrelmail | squirrelmail | 1.4.5 | |
squirrelmail | squirrelmail | 1.4.6_rc1 | |
squirrelmail | squirrelmail | 1.4_rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { 
"lang": "en", "value": "CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka \"IMAP injection.\"" } ], "id": "CVE-2006-0377", "lastModified": "2024-11-21T00:06:19.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-24T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18985" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19130" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19131" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19176" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19205" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19960" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20210" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015662" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-988" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16756" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-15" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2006/dsa-988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-05 18:29
Modified
2024-11-21 03:50
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cform action=\u0027data:text\" attack." }, { "lang": "es", "value": "La p\u00e1gina de visualizaci\u00f3n de mensajes de email en SquirrelMail hasta la versi\u00f3n 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque \"" } ], "id": "CVE-2018-14951", "lastModified": "2024-11-21T03:50:09.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-05T18:29:00.740", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": 
"cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-18 15:47
Modified
2024-11-21 00:14
Summary
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while \"cookie theft\" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this." }, { "lang": "es", "value": "SquirrelMail 1.4.6 y anteriores, con register_globals habilitado, permite a atacantes remotos secuestrar cookies en src/redirect.php a trav\u00e9s de vectores desconocidos. NOTA: mientras que el \"robo de la cookie\" se asocia con el XSS, el vendedor indica que es muy impreciso que esto sea cierto." } ], "id": "CVE-2006-3665", "lastModified": "2024-11-21T00:14:08.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-18T15:47:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17005" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/changelog.php" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2708" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27632" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27632" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-20 13:15
Modified
2024-11-21 05:04
Summary
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/06/20/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/06/20/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.4.22 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "C7C38706-0DAB-45C2-8D50-9EE10930A7D7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded)." }, { "lang": "es", "value": "** EN DISPUTA ** compose.php en SquirrelMail 1.4.22 llama a unserialize para el valor $attachments, que se origina en una petici\u00f3n HTTP POST. NOTA: el proveedor disputa esto porque no se cumplen estas dos condiciones para la inyecci\u00f3n de objetos PHP: existencia de un m\u00e9todo m\u00e1gico PHP (como __wakeup o __destruct), y cualquier clase relevante para el ataque debe ser declarada antes de llamar a unserialize (o debe ser autocargada). ." 
} ], "id": "CVE-2020-14933", "lastModified": "2024-11-21T05:04:28.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-20T13:15:10.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Summary
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sgi | propack | 3.0 | |
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en SquirrelMail anteriores a 1.4.3 RC1 permite a atacantes remotos ejecutar sentencias SQL no autorizadas, con impacto desconocido, probablemente mediante abook_database.php." 
} ], "id": "CVE-2004-0521", "lastModified": "2024-11-20T23:48:46.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108309375029888" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11685" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11686" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11870" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12289" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/6841" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/advisories/6827" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/advisories/7148" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10397" }, { "source": "cve@mitre.org", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16235" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108309375029888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2004/dsa-535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/6841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/advisories/6827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/advisories/7148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2024-11-20 23:40
Summary
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.2.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks." }, { "lang": "es", "value": "Un arreglo incompleto de una vulnerabilidad de scripting en sitios cruzados (XSS) en SquirreMail 1.2.8 llama a la funci\u00f3n strip_tags en el valor PHP_SELF pero no vuelve a guardar el resultado en esa variable, dejandolo abierto a ataques XSS." } ], "id": "CVE-2002-1276", "lastModified": "2024-11-20T23:40:57.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-11-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8220" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-191" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10634.php" }, { "source": "cve@mitre.org", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10634.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/7019" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-05 18:29
Modified
2024-11-21 03:50
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2E2D8-C2AF-4C72-B3F2-43AFC43D0CE5", "versionEndIncluding": "1.4.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute)." }, { "lang": "es", "value": "La p\u00e1gina de visualizaci\u00f3n de mensajes de email en SquirrelMail hasta la versi\u00f3n 1.4.22 tiene Cross-Site Scripting (XSS) mediante animaciones SVG (animate to attribute)." } ], "id": "CVE-2018-14955", "lastModified": "2024-11-21T03:50:10.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-05T18:29:00.927", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" 
}, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/905023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-05-14 17:30
Modified
2024-11-21 01:02
Summary
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2FF0DF6-AEEC-4099-B1C4-19EDC1FDD564", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23AEC37-88CE-488D-B9D2-2B0322D0FC8A", "versionEndIncluding": "1.4.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", 
"matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program." 
}, { "lang": "es", "value": "La funci\u00f3n map_yp_alias en functions/imap_general.php en SquirrelMail versiones anteriores a v1.4.18 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de int\u00e9rprete de comandos en una cadena de nombre de usuario que est\u00e1 utilizada por el programa ypmatch." } ], "id": "CVE-2009-1579", "lastModified": "2024-11-21T01:02:49.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-05-14T17:30:00.687", "references": [ { "source": "cve@mitre.org", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35140" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35259" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/37415" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40220" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "cve@mitre.org", "tags": [ 
"Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674\u0026r2=13673\u0026pathrev=13674" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13674" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4188" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34916" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-10" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500360" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50461" }, { "source": "cve@mitre.org", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], 
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674\u0026r2=13673\u0026pathrev=13674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-14 23:55
Modified
2024-11-21 01:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE87803-6C17-4FC8-9091-920E25E28C3B", "versionEndIncluding": "1.4.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "75E2349D-4B4C-469C-82CE-09C4B526BCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "BD44ECE5-7C33-4200-9F36-2E8D5D7DB2D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en functions/mime.php en SquirrelMail anterior a v.1.4.22 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un elemento STYLE en un correo electr\u00f3nico." } ], "id": "CVE-2011-2023", "lastModified": "2024-11-21T01:27:30.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-14T23:55:02.113", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025766" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision\u0026revision=14121" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5130" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-10" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision\u0026revision=14121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720695" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-02-02 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes | ||
cve@mitre.org | http://secunia.com/advisories/14096 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2005/dsa-662 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/203214 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14096 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-662 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/203214 | Patch, Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.2.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via \"URL manipulation.\"" } ], "id": "CVE-2005-0152", "lastModified": "2024-11-20T23:54:32.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-02-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14096" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-662" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/203214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14096" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/203214" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie." 
}, { "lang": "es", "value": "SquirreMail 1.2.5 y anteriores permite a usuarios autenticados ejecutar c\u00f3digo arbitrario modificando la variable THEME en una cookie" } ], "id": "CVE-2002-0516", "lastModified": "2024-11-20T23:39:16.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8671.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8671.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4385" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sgi | propack | 3.0 | |
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php." }, { "lang": "es", "value": "Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elecci\u00f3n como otro usuario y posiblemente robar informaci\u00f3n de autenticaci\u00f3n mediante m\u00faltiples vectores de ataque, incluyendo el par\u00e1metro mailbox en compose.php." 
} ], "id": "CVE-2004-0519", "lastModified": "2024-11-20T23:48:46.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108334862800260" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11531" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11686" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11870" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12289" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.novell.com/linux/security/advisories/2005_19_sr.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/361857" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10246" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16025" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108334862800260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12289" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/361857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squirrelmail | squirrelmail | 1.0.4 | |
squirrelmail | squirrelmail | 1.0.5 | |
squirrelmail | squirrelmail | 1.2.0 | |
squirrelmail | squirrelmail | 1.2.1 | |
squirrelmail | squirrelmail | 1.2.2 | |
squirrelmail | squirrelmail | 1.2.3 | |
squirrelmail | squirrelmail | 1.2.4 | |
squirrelmail | squirrelmail | 1.2.5 | |
squirrelmail | squirrelmail | 1.2.6 | |
squirrelmail | squirrelmail | 1.2.7 | |
squirrelmail | squirrelmail | 1.2.8 | |
squirrelmail | squirrelmail | 1.2.9 | |
squirrelmail | squirrelmail | 1.2.10 | |
squirrelmail | squirrelmail | 1.2.11 | |
squirrelmail | squirrelmail | 1.4 | |
squirrelmail | squirrelmail | 1.4.0 | |
squirrelmail | squirrelmail | 1.4.1 | |
squirrelmail | squirrelmail | 1.4.2 | |
squirrelmail | squirrelmail | 1.4.3 | |
squirrelmail | squirrelmail | 1.4.3_rc1 | |
squirrelmail | squirrelmail | 1.4.3a | |
squirrelmail | squirrelmail | 1.44 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files." 
}, { "lang": "es", "value": "options_identities.php en SquirrelMail 1.4.4 y anteriores usa la funci\u00f3n \"extract\" para procesar la variable \"$_POST\", lo que permite que atacantes remotos modifiquen o lean las preferencias de otros usuarios, lleven a cabo ataques XSS o escriban ficheros de su elecci\u00f3n." } ], "id": "CVE-2005-2095", "lastModified": "2024-11-20T23:58:47.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-13T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-756" }, { "source": "secalert@redhat.com", "url": "http://www.gulftech.org/?node=research\u0026article_id=00090-07142005" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-595.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/405200" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/405202" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/14254" }, { 
"source": "secalert@redhat.com", "url": "http://www.squirrelmail.org/security/issue/2005-07-13" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21359" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gulftech.org/?node=research\u0026article_id=00090-07142005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/405200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/405202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/security/issue/2005-07-13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE87803-6C17-4FC8-9091-920E25E28C3B", "versionEndIncluding": "1.4.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F7F3531-E0EE-48AA-BCB4-872BEB853531", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "75E2349D-4B4C-469C-82CE-09C4B526BCFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "BD44ECE5-7C33-4200-9F36-2E8D5D7DB2D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en SquirrelMail v1.4.21 y anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n de las v\u00edctimas a trav\u00e9s de vectores no especificados participaci\u00f3n (1) la implementaci\u00f3n de la basura y (2) con la p\u00e1gina Index Order (tambi\u00e9n conocido como options_order), una problema diferente a CVE-2010-4555." 
} ], "id": "CVE-2011-2753", "lastModified": "2024-11-21T01:28:53.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-17T20:55:01.827", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision\u0026revision=14119" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720694" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision\u0026revision=14119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=720694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68586" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-09 11:55
Modified
2024-11-21 01:34
Summary
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor | Product | Version
---|---|---
paul_lesniewsk | autocomplete | *
paul_lesniewsk | autocomplete | 1.0
paul_lesniewsk | autocomplete | 1.1
paul_lesniewsk | autocomplete | 1.2
paul_lesniewsk | autocomplete | 1.3
paul_lesniewsk | autocomplete | 2.0
squirrelmail | squirrelmail | -
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:*:*:*:*:*:*:*:*", "matchCriteriaId": "34A8F4C1-F2DF-4CFF-8CD5-4E1203FFE173", "versionEndIncluding": "2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55CCB854-1501-4366-8F23-904D7F03962D", "vulnerable": true }, { "criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "860CB334-CE31-4089-BC4C-F413CCDB7052", "vulnerable": true }, { "criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "568ED844-B934-4A24-BB2A-3EDB117C75EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "11CB74EE-5FD2-46AE-A676-11D35CF33C77", "vulnerable": true }, { "criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "94E7BFE9-FD8C-45C0-9D20-8A5C81EECE4C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F4C8AC6-80BA-456F-997B-FC38A8E2F060", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzaods (XSS) en el componente de autocompletado v3.0 de SquirrelMail permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-0323", "lastModified": "2024-11-21T01:34:48.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-09T11:55:00.973", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN56653852/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://squirrelmail.org/plugin_view.php?id=32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN56653852/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://squirrelmail.org/plugin_view.php?id=32" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2024-11-20 23:46
Summary
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | gpg_plugin | 1.1
squirrelmail | squirrelmail | 1.4.0
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:gpg_plugin:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FB5BBEA-384E-4B88-A71E-C90A6D440116", "vulnerable": false }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field." }, { "lang": "es", "value": "El c\u00f3digo parseAddress en SquirrelMail 1.4.0 y GPG Plugin 1.1 permite a atacantes remotos ejecutar comandos mediante metacaract\u00e9res de shell en el campo \"Para:\"." } ], "id": "CVE-2003-0990", "lastModified": "2024-11-20T23:46:05.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-01-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107247236124180\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/348366" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9296" }, { "source": "cve@mitre.org", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107247236124180\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/348366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-05 00:30
Modified
2024-11-21 00:46
Summary
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A189210-833E-473D-A4C6-380380C48AC0", "versionEndIncluding": "1.4.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*", "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*", "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*", "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*", "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*", "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D58980B8-6D4B-4E90-8410-80FDD7CF15C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail anteriores a la v1.4.17 permitir\u00eda a atacantes remotos inyectar secuencia de c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de un hiperenlace manipulado en la parte HTML de un mensaje de correo electr\u00f3nico." 
} ], "id": "CVE-2008-2379", "lastModified": "2024-11-21T00:46:45.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-05T00:30:00.237", "references": [ { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32143" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33054" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33071" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33937" }, { "source": "cve@mitre.org", "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3438" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1682" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32603" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/index.php" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3332" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-11 04:20
Modified
2024-11-21 00:27
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.4.0
squirrelmail | squirrelmail | 1.4.1
squirrelmail | squirrelmail | 1.4.2
squirrelmail | squirrelmail | 1.4.3
squirrelmail | squirrelmail | 1.4.3_r3
squirrelmail | squirrelmail | 1.4.3_rc1
squirrelmail | squirrelmail | 1.4.3a
squirrelmail | squirrelmail | 1.4.3aa
squirrelmail | squirrelmail | 1.4.4
squirrelmail | squirrelmail | 1.4.4_rc1
squirrelmail | squirrelmail | 1.4.5
squirrelmail | squirrelmail | 1.4.6
squirrelmail | squirrelmail | 1.4.6_cvs
squirrelmail | squirrelmail | 1.4.6_rc1
squirrelmail | squirrelmail | 1.4.7
squirrelmail | squirrelmail | 1.4.8
squirrelmail | squirrelmail | 1.4.9
squirrelmail | squirrelmail | 1.4.9a
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", 
"matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el filtro de HTML en el SquirrelMail 1.4.0 hasta la 1.4.9a permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) datos: un URI en un adjunto de un correo electr\u00f3nico en HTML o (2) mediante varios juegos de caracteres no-ASCII que no son filtrados adecuadamente cuando son visualizados por el Microsoft Internet Explorer." 
} ], "id": "CVE-2007-1262", "lastModified": "2024-11-21T00:27:54.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-05-11T04:20:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN09157962/index.html" }, { "source": "cve@mitre.org", "url": "http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35887" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35888" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25200" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25236" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25320" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25690" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25787" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1290" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:106" }, { "source": "cve@mitre.org", "url": 
"http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23910" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018033" }, { "source": "cve@mitre.org", "url": "http://www.squirrelmail.org/security/issue/2007-05-09" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1748" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1353" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712" }, { "source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2007-0358.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN09157962/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25690" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/security/issue/2007-05-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2007-0358.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-14 19:46
Modified
2024-11-21 00:39
Summary
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
References
Impacted products
Vendor | Product | Version
---|---|---
squirrelmail | squirrelmail | 1.4.11
squirrelmail | squirrelmail | 1.4.12
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code." }, { "lang": "es", "value": "SquirrelMail versiones 1.4.11 y 1.4.12, distribuidas en sourceforge.net versiones anteriores a 20071213, se han modificado externamente para crear un Caballo de Troya que introduce una vulnerabilidad de inclusi\u00f3n remota de archivos PHP, que permite a los atacantes remotos ejecutar c\u00f3digo arbitrario." 
} ], "id": "CVE-2007-6348", "lastModified": "2024-11-21T00:39:55.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-14T19:46:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=119765643909825\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119756462212214\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119765235203392\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/42633" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28095" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.squirrelmail.org/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=119765643909825\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119756462212214\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=squirrelmail-devel\u0026m=119765235203392\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/28095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.squirrelmail.org/index.php" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "The versions of SquirrelMail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected by this issue. In addition, the Red Hat Security Response Team have verified that the malicious code is not part of released Red Hat Enterprise Linux squirrelmail packages.\n", "lastModified": "2007-12-17T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2009-1581
Vulnerability from cvelistv5
Published
2009-05-14 17:00
Modified
2024-08-07 05:20
Summary
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:20:33.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2010-06-15-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356" }, { "name": "MDVSA-2009:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "oval:org.mitre.oval:def:10441", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" }, { "name": "FEDORA-2009-4870", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35140" }, { "name": "FEDORA-2009-4880", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-12" }, { 
"tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4188" }, { "name": "squirrelmail-css-xss(50463)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" }, { "name": "40220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40220" }, { "name": "ADV-2009-1296", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "35259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35259" }, { "name": "35052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35052" }, { "name": "FEDORA-2009-4875", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "RHSA-2009:1066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "name": "35073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35073" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { 
"status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application\u0027s content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2010-06-15-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356" }, { "name": "MDVSA-2009:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "oval:org.mitre.oval:def:10441", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" }, { "name": "FEDORA-2009-4870", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/35140" }, { "name": "FEDORA-2009-4880", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4188" }, { "name": "squirrelmail-css-xss(50463)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" }, { "name": "40220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40220" }, { "name": "ADV-2009-1296", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "35259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35259" }, { "name": "35052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35052" }, { "name": "FEDORA-2009-4875", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "RHSA-2009:1066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "name": "35073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35073" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application\u0027s content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2010-06-15-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500356", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356" }, { "name": "MDVSA-2009:110", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34916" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "oval:org.mitre.oval:def:10441", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" }, { "name": "FEDORA-2009-4870", 
"refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "35140", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35140" }, { "name": "FEDORA-2009-4880", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "name": "http://www.squirrelmail.org/security/issue/2009-05-12", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2009-05-12" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667" }, { "name": "http://support.apple.com/kb/HT4188", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4188" }, { "name": "squirrelmail-css-xss(50463)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" }, { "name": "40220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40220" }, { "name": "ADV-2009-1296", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "35259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35259" }, { "name": "35052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35052" }, { "name": "FEDORA-2009-4875", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "RHSA-2009:1066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "name": "35073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35073" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667", "refsource": "CONFIRM", "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667" }, { "name": "DSA-1802", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1581", "datePublished": "2009-05-14T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:33.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1649
Vulnerability from cvelistv5
Published
2005-03-28 05:00
Modified
2024-08-08 03:34
Summary
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 | vdb-entry, x_refsource_XF
http://www.kb.cert.org/vuls/id/153043 | third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/3956 | vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html | mailing-list, x_refsource_BUGTRAQ
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "squirrelmail-html-execute-script(7989)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "name": "VU#153043", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "name": "3956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3956" }, { "name": "20020124 Vulnerabilities in squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "squirrelmail-html-execute-script(7989)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "name": "VU#153043", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "name": "3956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3956" }, { "name": "20020124 Vulnerabilities in squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1649", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "squirrelmail-html-execute-script(7989)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "name": "VU#153043", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/153043" }, { "name": "3956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3956" }, { "name": "20020124 Vulnerabilities in squirrelmail", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1649", "datePublished": "2005-03-28T05:00:00", "dateReserved": "2005-03-28T00:00:00", "dateUpdated": "2024-08-08T03:34:55.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1650
Vulnerability from cvelistv5
Published
2005-03-28 05:00
Modified
2024-08-08 03:34
Summary
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
References
URL | Tags
---|---
http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html | mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/7990 | vdb-entry, x_refsource_XF
http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html | mailing-list, x_refsource_BUGTRAQ
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020124 squirrelmail bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html" }, { "name": "squirrelmail-spellchecker-command-execution(7990)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7990" }, { "name": "20020124 Re: squirrelmail bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020124 squirrelmail bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html" }, { "name": "squirrelmail-spellchecker-command-execution(7990)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7990" }, { "name": "20020124 Re: squirrelmail bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020124 squirrelmail bug", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html" }, { "name": "squirrelmail-spellchecker-command-execution(7990)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7990" }, { "name": "20020124 Re: squirrelmail bug", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1650", "datePublished": "2005-03-28T05:00:00", "dateReserved": "2005-03-28T00:00:00", "dateUpdated": "2024-08-08T03:34:55.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1381
Vulnerability from cvelistv5
Published
2009-05-22 20:00
Modified
2024-08-07 05:13
Summary
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
References
URL | Tags
---|---
http://secunia.com/advisories/35140 | third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html | vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/archive/1/503718/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDVSA-2009:122 | vendor-advisory, x_refsource_MANDRIVA
http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff | x_refsource_MISC
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html | vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2009/dsa-1802 | vendor-advisory, x_refsource_DEBIAN
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35140" }, { "name": "FEDORA-2009-5350", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html" }, { "name": "20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/503718/100/0/threaded" }, { "name": "MDVSA-2009:122", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff" }, { "name": "FEDORA-2009-5471", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. 
NOTE: this issue exists because of an incomplete fix for CVE-2009-1579." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35140" }, { "name": "FEDORA-2009-5350", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html" }, { "name": "20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/503718/100/0/threaded" }, { "name": "MDVSA-2009:122", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:122" }, { "tags": [ "x_refsource_MISC" ], "url": "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff" }, { "name": "FEDORA-2009-5471", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1381", "datePublished": "2009-05-22T20:00:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2842
Vulnerability from cvelistv5
Published
2006-06-06 20:03
Modified
2024-08-07 18:06
Summary
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:26.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2006:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "18231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18231" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16\u0026r2=1.27.2.17\u0026view=patch\u0026pathrev=SM-1_4-STABLE" }, { "name": "20060601 Squirrelmail local file inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435605/100/0/threaded" }, { "name": "21262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21262" }, { "name": "RHSA-2006:0547", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0547.html" }, { "name": "20406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20406" }, { "name": "1016209", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2006-06-01" }, { "name": "ADV-2006-2101", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2101" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "21159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21159" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "MDKSA-2006:101", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101" }, { "name": "20060703-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" }, { "name": "oval:org.mitre.oval:def:11670", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26235" }, { "name": "20931", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20931" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. 
NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2006:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "18231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18231" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16\u0026r2=1.27.2.17\u0026view=patch\u0026pathrev=SM-1_4-STABLE" }, { "name": "20060601 Squirrelmail local file inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435605/100/0/threaded" }, { "name": "21262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21262" }, { "name": "RHSA-2006:0547", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0547.html" }, { "name": "20406", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20406" }, { "name": "1016209", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2006-06-01" }, { "name": "ADV-2006-2101", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2101" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "21159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21159" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "MDKSA-2006:101", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101" }, { "name": "20060703-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" }, { "name": "oval:org.mitre.oval:def:11670", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26235" }, { "name": "20931", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20931" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2006:017", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "name": "ADV-2007-2732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "18231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18231" }, { "name": "APPLE-SA-2007-07-31", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16\u0026r2=1.27.2.17\u0026view=patch\u0026pathrev=SM-1_4-STABLE", "refsource": "CONFIRM", "url": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16\u0026r2=1.27.2.17\u0026view=patch\u0026pathrev=SM-1_4-STABLE" }, { "name": "20060601 Squirrelmail local file inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435605/100/0/threaded" }, { "name": "21262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21262" }, { "name": 
"RHSA-2006:0547", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0547.html" }, { "name": "20406", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20406" }, { "name": "1016209", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016209" }, { "name": "http://www.squirrelmail.org/security/issue/2006-06-01", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2006-06-01" }, { "name": "ADV-2006-2101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2101" }, { "name": "http://docs.info.apple.com/article.html?artnum=306172", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "21159", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21159" }, { "name": "25159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25159" }, { "name": "MDKSA-2006:101", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101" }, { "name": "20060703-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" }, { "name": "oval:org.mitre.oval:def:11670", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670" }, { "name": "26235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26235" }, { "name": "20931", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20931" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2842", "datePublished": "2006-06-06T20:03:00", "dateReserved": "2006-06-05T00:00:00", "dateUpdated": "2024-08-07T18:06:26.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1769
Vulnerability from cvelistv5
Published
2005-06-20 04:00
Modified
2024-08-07 21:59
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
References
URL | Tags
---|---
http://www.novell.com/linux/security/advisories/2005_18_sr.html | vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDKSA-2005:108 | vendor-advisory, x_refsource_MANDRAKE
http://www.squirrelmail.org/security/issue/2005-06-15 | x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=111893827711390&w=2 | mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852 | vdb-entry, signature, x_refsource_OVAL
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 | vendor-advisory, x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html | vendor-advisory, x_refsource_APPLE
http://www.redhat.com/support/errata/RHSA-2005-595.html | vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2005/dsa-756 | vendor-advisory, x_refsource_DEBIAN
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html | vendor-advisory, x_refsource_APPLE
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:59:24.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2005:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "name": "MDKSA-2005:108", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2005-06-15" }, { "name": "20050616 [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111893827711390\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9852", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852" }, { "name": "FLSA:163047", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "RHSA-2005:595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-595.html" }, { "name": "DSA-756", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-756" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" } ], "title": "CVE 
Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SR:2005:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "name": "MDKSA-2005:108", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2005-06-15" }, { "name": "20050616 [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111893827711390\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9852", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852" }, { "name": "FLSA:163047", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "RHSA-2005:595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2005-595.html" }, { "name": "DSA-756", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-756" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-1769", "datePublished": "2005-06-20T04:00:00", "dateReserved": "2005-05-31T00:00:00", "dateUpdated": "2024-08-07T21:59:24.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2631
Vulnerability from cvelistv5
Published
2007-05-13 23:00
Modified
2024-08-07 13:42
Summary
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
References
URL | Tags
---|---
http://www.securityfocus.com/archive/1/468253/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/468220/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://osvdb.org/35890 | vdb-entry, x_refsource_OSVDB
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:33.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070510 Re: squirrelmail CSRF vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468253/100/0/threaded" }, { "name": "20070510 squirrelmail CSRF vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468220/100/0/threaded" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35890" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070510 Re: squirrelmail CSRF vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/468253/100/0/threaded" }, { "name": "20070510 squirrelmail CSRF vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/468220/100/0/threaded" }, { "name": "35890", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35890" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2631", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070510 Re: squirrelmail CSRF vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468253/100/0/threaded" }, { "name": "20070510 squirrelmail CSRF vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468220/100/0/threaded" }, { "name": "35890", "refsource": "OSVDB", "url": "http://osvdb.org/35890" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2631", "datePublished": "2007-05-13T23:00:00", "dateReserved": "2007-05-13T00:00:00", "dateUpdated": "2024-08-07T13:42:33.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14933
Vulnerability from cvelistv5
Published
2020-06-20 12:07
Modified
2024-08-04 13:00
Summary
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).
References
URL | Tags |
---|---|
https://www.openwall.com/lists/oss-security/2020/06/20/1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-04T01:30:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14933", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. 
NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded). ." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2020/06/20/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14933", "datePublished": "2020-06-20T12:07:06", "dateReserved": "2020-06-20T00:00:00", "dateUpdated": "2024-08-04T13:00:52.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-2086
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 03:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
References
URL | Tags |
---|---|
http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/9008 | vdb-entry, x_refsource_XF |
http://www.securityfocus.com/bid/4666 | vdb-entry, x_refsource_BID |
http://www.securityfocus.com/bid/4667 | vdb-entry, x_refsource_BID |
http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/9009 | vdb-entry, x_refsource_XF |
http://www.squirrelmail.org/changelog.php | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:17.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=544658\u0026group_id=311\u0026atid=100311" }, { "name": "squirrelmail-header-xss(9008)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008" }, { "name": "4666", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4666" }, { "name": "4667", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4667" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=545933\u0026group_id=311\u0026atid=100311" }, { "name": "squirrelmail-html-attachment-xss(9009)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/changelog.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) \"\u003c\u003cscript\" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=544658\u0026group_id=311\u0026atid=100311" }, { "name": "squirrelmail-header-xss(9008)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008" }, { "name": "4666", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4666" }, { "name": "4667", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4667" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=545933\u0026group_id=311\u0026atid=100311" }, { "name": "squirrelmail-html-attachment-xss(9009)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/changelog.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2086", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) \"\u003c\u003cscript\" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=544658\u0026group_id=311\u0026atid=100311", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=544658\u0026group_id=311\u0026atid=100311" }, { "name": "squirrelmail-header-xss(9008)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008" }, { "name": "4666", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4666" }, { "name": "4667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4667" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=545933\u0026group_id=311\u0026atid=100311", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=545933\u0026group_id=311\u0026atid=100311" }, { "name": "squirrelmail-html-attachment-xss(9009)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009" }, { "name": "http://www.squirrelmail.org/changelog.php", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/changelog.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2086", "datePublished": "2005-07-14T04:00:00", "dateReserved": "2005-07-14T00:00:00", "dateUpdated": "2024-08-08T03:51:17.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0323
Vulnerability from cvelistv5
Published
2012-03-09 11:00
Modified
2024-09-16 19:19
Summary
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags |
---|---|
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021 | third-party-advisory, x_refsource_JVNDB |
http://squirrelmail.org/plugin_view.php?id=32 | x_refsource_MISC |
http://jvn.jp/en/jp/JVN56653852/index.html | third-party-advisory, x_refsource_JVN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:30.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2012-000021", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://squirrelmail.org/plugin_view.php?id=32" }, { "name": "JVN#56653852", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN56653852/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-03-09T11:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2012-000021", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" }, { "tags": [ "x_refsource_MISC" ], "url": "http://squirrelmail.org/plugin_view.php?id=32" }, { "name": "JVN#56653852", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN56653852/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2012-0323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2012-000021", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" }, { "name": "http://squirrelmail.org/plugin_view.php?id=32", "refsource": "MISC", "url": "http://squirrelmail.org/plugin_view.php?id=32" }, { "name": "JVN#56653852", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN56653852/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2012-0323", "datePublished": "2012-03-09T11:00:00Z", "dateReserved": "2012-01-04T00:00:00Z", "dateUpdated": "2024-09-16T19:19:30.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1578
Vulnerability from cvelistv5
Published
2009-05-14 17:00
Modified
2024-08-07 05:20
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:20:34.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2010-06-15-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "name": "MDVSA-2009:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-09" }, { "name": "FEDORA-2009-4870", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13670" }, { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "name": "60468", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60468" }, { "name": "FEDORA-2009-4880", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "name": "oval:org.mitre.oval:def:11624", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4188" }, { "name": "squirrelmail-phpself-xss(50459)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" }, { "name": "40220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13672" }, { "name": "ADV-2009-1296", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672\u0026r2=13671\u0026pathrev=13672" }, { "name": "35259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35259" }, { "name": "35052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35052" }, { "name": "squirrelmail-decryptheaders-xss(50460)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" }, { "name": "FEDORA-2009-4875", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { 
"name": "RHSA-2009:1066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "name": "37415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37415" }, { "name": "35073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35073" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670\u0026r2=13669\u0026pathrev=13670" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-08" }, { "name": "ADV-2009-3315", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2010-06-15-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "name": "MDVSA-2009:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-09" }, { "name": "FEDORA-2009-4870", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13670" }, { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "name": "60468", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60468" }, { "name": "FEDORA-2009-4880", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" 
}, { "name": "oval:org.mitre.oval:def:11624", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4188" }, { "name": "squirrelmail-phpself-xss(50459)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" }, { "name": "40220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13672" }, { "name": "ADV-2009-1296", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672\u0026r2=13671\u0026pathrev=13672" }, { "name": "35259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35259" }, { "name": "35052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35052" }, { "name": "squirrelmail-decryptheaders-xss(50460)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" }, { "name": "FEDORA-2009-4875", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "RHSA-2009:1066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "name": "37415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37415" }, { "name": "35073", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35073" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670\u0026r2=13669\u0026pathrev=13670" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-08" }, { "name": "ADV-2009-3315", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2010-06-15-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "name": "https://gna.org/forum/forum.php?forum_id=2146", "refsource": "CONFIRM", "url": "https://gna.org/forum/forum.php?forum_id=2146" }, { "name": "MDVSA-2009:110", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34916" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "http://www.squirrelmail.org/security/issue/2009-05-09", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2009-05-09" }, { "name": "FEDORA-2009-4870", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13670", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13670" }, { "name": "35140", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35140" }, { "name": "http://download.gna.org/nasmail/nasmail-1.7.zip", "refsource": "CONFIRM", "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" }, { "name": "60468", "refsource": "OSVDB", "url": "http://osvdb.org/60468" }, { "name": "FEDORA-2009-4880", "refsource": "FEDORA", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "name": "oval:org.mitre.oval:def:11624", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624" }, { "name": "http://support.apple.com/kb/HT4188", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4188" }, { "name": "squirrelmail-phpself-xss(50459)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50459" }, { "name": "40220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40220" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13672", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13672" }, { "name": "ADV-2009-1296", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672\u0026r2=13671\u0026pathrev=13672", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672\u0026r2=13671\u0026pathrev=13672" }, { "name": "35259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35259" }, { "name": "35052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35052" }, { "name": "squirrelmail-decryptheaders-xss(50460)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50460" }, { "name": "FEDORA-2009-4875", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "RHSA-2009:1066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" }, { "name": "37415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37415" }, { 
"name": "35073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35073" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670\u0026r2=13669\u0026pathrev=13670", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670\u0026r2=13669\u0026pathrev=13670" }, { "name": "http://www.squirrelmail.org/security/issue/2009-05-08", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2009-05-08" }, { "name": "ADV-2009-3315", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500363", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500363" }, { "name": "DSA-1802", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1578", "datePublished": "2009-05-14T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:34.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2589
Vulnerability from cvelistv5
Published
2007-05-11 03:55
Modified
2024-08-07 13:42
Summary
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2007/2732 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/25200 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/1748 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/25320 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html | vendor-advisory, x_refsource_APPLE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34219 | vdb-entry, x_refsource_XF | |
http://www.squirrelmail.org/security/issue/2007-05-09 | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:106 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.novell.com/linux/security/advisories/2007_13_sr.html | vendor-advisory, x_refsource_SUSE | |
http://docs.info.apple.com/article.html?artnum=306172 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448 | vdb-entry, signature, x_refsource_OVAL | |
https://rhn.redhat.com/errata/RHSA-2007-0358.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/25159 | vdb-entry, x_refsource_BID | |
http://osvdb.org/35889 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/25787 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/26235 | third-party-advisory, x_refsource_SECUNIA |
cve-2008-2379
Vulnerability from cvelistv5
Published
2008-12-05 00:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
References
▼ | URL | Tags |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/33937 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/33071 | third-party-advisory, x_refsource_SECUNIA | |
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html | vendor-advisory, x_refsource_FEDORA | |
http://secunia.com/advisories/33054 | third-party-advisory, x_refsource_SECUNIA | |
http://support.apple.com/kb/HT3438 | x_refsource_CONFIRM | |
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | vendor-advisory, x_refsource_APPLE | |
http://www.vupen.com/english/advisories/2008/3332 | vdb-entry, x_refsource_VUPEN | |
http://www.debian.org/security/2008/dsa-1682 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | vendor-advisory, x_refsource_SUSE | |
http://www.securityfocus.com/bid/32603 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/32143 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/47024 | vdb-entry, x_refsource_XF | |
http://security-net.biz/wsw/index.php?p=254&n=190 | x_refsource_MISC | |
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html | vendor-advisory, x_refsource_FEDORA | |
http://www.squirrelmail.org/index.php | x_refsource_CONFIRM |
cve-2006-3174
Vulnerability from cvelistv5
Published
2006-06-23 00:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2007/2732 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/18700 | vdb-entry, x_refsource_BID | |
http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html | x_refsource_MISC | |
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html | vendor-advisory, x_refsource_APPLE | |
http://docs.info.apple.com/article.html?artnum=306172 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/25159 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/26610 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26941 | vdb-entry, x_refsource_XF | |
http://www.mandriva.com/security/advisories?name=MDKSA-2006:147 | vendor-advisory, x_refsource_MANDRIVA | |
http://secunia.com/advisories/26235 | third-party-advisory, x_refsource_SECUNIA |
cve-2003-0160
Vulnerability from cvelistv5
Published
2003-03-26 05:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
References
▼ | URL | Tags |
---|---|---|
http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2003-112.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614 | vdb-entry, signature, x_refsource_OVAL |
cve-2007-6348
Vulnerability from cvelistv5
Published
2007-12-14 19:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/485037/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=bugtraq&m=119765643909825&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/28095 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squirrelmail.org/index.php | x_refsource_CONFIRM | |
http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2 | mailing-list, x_refsource_MLIST | |
http://osvdb.org/42633 | vdb-entry, x_refsource_OSVDB |
cve-2005-0104
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
References
URL | Tags
---|---
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568 | vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/14096 | third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-135.html | vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=110702772714662&w=2 | mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2005-099.html | vendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/19036 | vdb-entry, x_refsource_XF
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html | vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/13962/ | third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml | vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2005/dsa-662 | vendor-advisory, x_refsource_DEBIAN
http://www.squirrelmail.org/security/issue/2005-01-20 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:10568", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568" }, { "name": "14096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14096" }, { "name": "RHSA-2005:135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "squirrelmail-webmailphp-xss(19036)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19036" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13962/" }, { "name": "GLSA-200501-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "name": "DSA-662", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-662" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.squirrelmail.org/security/issue/2005-01-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:10568", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568" }, { "name": "14096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14096" }, { "name": "RHSA-2005:135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "squirrelmail-webmailphp-xss(19036)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19036" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13962/" 
}, { "name": "GLSA-200501-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "name": "DSA-662", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-662" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:10568", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568" }, { "name": "14096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14096" }, { "name": "RHSA-2005:135", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "squirrelmail-webmailphp-xss(19036)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19036" }, { "name": "APPLE-SA-2005-03-21", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13962/" }, { "name": "GLSA-200501-39", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" }, { "name": "DSA-662", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-662" }, { "name": "http://www.squirrelmail.org/security/issue/2005-01-20", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2005-01-20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0104", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-18T00:00:00", "dateUpdated": "2024-08-07T20:57:40.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3636
Vulnerability from cvelistv5
Published
2007-07-10 00:00
Modified
2024-08-07 14:21
Summary
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/24828 | vdb-entry, x_refsource_BID
http://osvdb.org/45790 | vdb-entry, x_refsource_OSVDB
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html | mailing-list, x_refsource_MLIST
http://www.attrition.org/pipermail/vim/2007-July/001703.html | mailing-list, x_refsource_VIM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24828", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24828" }, { "name": "45790", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/45790" }, { "name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-07-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24828", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24828" }, { "name": "45790", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/45790" }, { "name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3636", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24828", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24828" }, { "name": "45790", "refsource": "OSVDB", "url": "http://osvdb.org/45790" }, { "name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3636", "datePublished": "2007-07-10T00:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2024-08-07T14:21:36.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14952
Vulnerability from cvelistv5
Published
2018-08-05 18:00
Modified
2024-08-05 09:46
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
References
URL | Tags
---|---
https://sourceforge.net/p/squirrelmail/bugs/2831/ | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2018/07/26/2 | x_refsource_MISC
https://bugs.debian.org/905023 | x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:46:24.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cmath\u003e\u003cmaction xlink:href=\" attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-21T03:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14952", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cmath\u003e\u003cmaction xlink:href=\" attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/squirrelmail/bugs/2831/", "refsource": "MISC", "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "name": "http://www.openwall.com/lists/oss-security/2018/07/26/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "name": "https://bugs.debian.org/905023", "refsource": "MISC", "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14952", "datePublished": "2018-08-05T18:00:00", "dateReserved": "2018-08-05T00:00:00", "dateUpdated": "2024-08-05T09:46:24.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6142
Vulnerability from cvelistv5
Published
2006-12-05 11:00
Modified
2024-08-07 20:19
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:34.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "MDKSA-2006:226", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226" }, { "name": "23195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23195" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "RHSA-2007:0022", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html" }, { "name": "FEDORA-2007-088", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2438" }, { "name": "23409", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23409" }, { "name": "oval:org.mitre.oval:def:9988", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988" }, { "name": "23504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23504" }, { "name": "24284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24284" }, { "name": "squirrelmail-webmail-compose-xss(30693)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693" }, { "name": 
"squirrelmail-mimeheader-xss(30695)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695" }, { "name": "23322", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23322" }, { "name": "SUSE-SR:2007:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" }, { "name": "squirrelmail-magichtml-messages-xss(30694)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694" }, { "name": "DSA-1241", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1241" }, { "name": "FEDORA-2007-089", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2439" }, { "name": "21414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21414" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=468482" }, { "name": "24004", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24004" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "20070201-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.org/security/issue/2006-12-02" }, { "name": "SUSE-SR:2006:029", "tags": [ "vendor-advisory", "x_refsource_SUSE", 
"x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-849" }, { "name": "ADV-2006-4828", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4828" }, { "name": "23811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23811" }, { "name": "1017327", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017327" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "MDKSA-2006:226", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226" }, { "name": "23195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/23195" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "RHSA-2007:0022", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html" }, { "name": "FEDORA-2007-088", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2438" }, { "name": "23409", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23409" }, { "name": "oval:org.mitre.oval:def:9988", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988" }, { "name": "23504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23504" }, { "name": "24284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24284" }, { "name": "squirrelmail-webmail-compose-xss(30693)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693" }, { "name": "squirrelmail-mimeheader-xss(30695)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695" }, { "name": "23322", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23322" }, { "name": "SUSE-SR:2007:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" }, { "name": "squirrelmail-magichtml-messages-xss(30694)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694" }, { "name": "DSA-1241", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1241" }, { 
"name": "FEDORA-2007-089", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2439" }, { "name": "21414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21414" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=468482" }, { "name": "24004", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24004" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "20070201-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.org/security/issue/2006-12-02" }, { "name": "SUSE-SR:2006:029", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-849" }, { "name": "ADV-2006-4828", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4828" }, { "name": "23811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23811" }, { "name": "1017327", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017327" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6142", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-2732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "MDKSA-2006:226", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226" }, { "name": "23195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23195" }, { "name": "APPLE-SA-2007-07-31", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "RHSA-2007:0022", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html" }, { "name": "FEDORA-2007-088", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2438" }, { "name": "23409", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23409" }, { "name": "oval:org.mitre.oval:def:9988", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988" }, { "name": "23504", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23504" }, { "name": "24284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24284" }, { "name": "squirrelmail-webmail-compose-xss(30693)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693" }, { "name": "squirrelmail-mimeheader-xss(30695)", "refsource": "XF", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695" }, { "name": "23322", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23322" }, { "name": "SUSE-SR:2007:004", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" }, { "name": "squirrelmail-magichtml-messages-xss(30694)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694" }, { "name": "DSA-1241", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1241" }, { "name": "FEDORA-2007-089", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2439" }, { "name": "21414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21414" }, { "name": "http://docs.info.apple.com/article.html?artnum=306172", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=468482", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=468482" }, { "name": "24004", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24004" }, { "name": "25159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25159" }, { "name": "20070201-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" }, { "name": "http://squirrelmail.org/security/issue/2006-12-02", "refsource": "CONFIRM", "url": "http://squirrelmail.org/security/issue/2006-12-02" }, { "name": "SUSE-SR:2006:029", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "name": "https://issues.rpath.com/browse/RPL-849", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-849" }, { "name": "ADV-2006-4828", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4828" }, { "name": "23811", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23811" }, { "name": "1017327", 
"refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017327" }, { "name": "26235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26235" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6142", "datePublished": "2006-12-05T11:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:34.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2753
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-08-06 23:08
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
References
URL | Tags
---|---
http://www.debian.org/security/2011/dsa-2291 | vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 | vendor-advisory, x_refsource_MANDRIVA
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=720694 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0103.html | vendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/68586 | vdb-entry, x_refsource_XF
cve-2011-2023
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-06 22:46
Summary
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
References
URL | Tags
---|---
http://www.debian.org/security/2011/dsa-2291 | vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT5130 | x_refsource_CONFIRM
http://www.squirrelmail.org/security/issue/2011-07-10 | x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 | vendor-advisory, x_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | vendor-advisory, x_refsource_APPLE
https://bugzilla.redhat.com/show_bug.cgi?id=720695 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0103.html | vendor-advisory, x_refsource_REDHAT
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14121 | x_refsource_CONFIRM
http://securitytracker.com/id?1025766 | vdb-entry, x_refsource_SECTRACK
cve-2006-0195
Vulnerability from cvelistv5
Published
2006-02-24 00:00
Modified
2024-08-07 16:25
Summary
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:25:33.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:049", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19176" }, { "name": "FEDORA-2006-133", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20210" }, { "name": "ADV-2006-0689", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18985" }, { "name": "19205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19205" }, { "name": "19960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/19130" }, { "name": "squirrelmail-magichtml-xss(24848)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" }, { "name": "20060501-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-10" }, { "name": "oval:org.mitre.oval:def:9548", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" }, { "name": "DSA-988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015662" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) \"/*\" and \"*/\" comments, or (2) a newline in a \"url\" specifier, which is processed by certain web browsers including Internet Explorer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2006:049", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19176" }, { "name": "FEDORA-2006-133", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20210" }, { "name": "ADV-2006-0689", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18985" }, { "name": "19205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19205" }, { "name": "19960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19130" }, { "name": "squirrelmail-magichtml-xss(24848)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" }, { "name": "20060501-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-10" }, { "name": "oval:org.mitre.oval:def:9548", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" }, { "name": "DSA-988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015662" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) \"/*\" and \"*/\" comments, or (2) a newline in a \"url\" specifier, which is processed by certain web browsers including Internet Explorer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2006:049", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19176" }, { "name": "FEDORA-2006-133", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20210" }, { "name": "ADV-2006-0689", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18985" }, { "name": "19205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19205" }, { "name": "19960", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19130" }, { "name": "squirrelmail-magichtml-xss(24848)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" }, { "name": "20060501-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "name": "http://www.squirrelmail.org/security/issue/2006-02-10", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2006-02-10" }, { "name": "oval:org.mitre.oval:def:9548", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" 
}, { "name": "DSA-988", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015662" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0195", "datePublished": "2006-02-24T00:00:00", "dateReserved": "2006-01-13T00:00:00", "dateUpdated": "2024-08-07T16:25:33.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2124
Vulnerability from cvelistv5
Published
2013-01-18 11:00
Modified
2024-08-06 19:26
Summary
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
References
URL | Tags
---|---
http://secunia.com/advisories/51730 | third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=814671 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/04/20/22 | mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-0126.html | vendor-advisory, x_refsource_REDHAT
cve-2010-2813
Vulnerability from cvelistv5
Published
2010-08-19 17:43
Modified
2024-08-07 02:46
Summary
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:46:48.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-11422", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5130" }, { "name": "squirrelmail-imap-dos(61124)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" }, { "name": "FEDORA-2010-11410", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch\u0026r1=13972\u0026r2=13971\u0026pathrev=13972" }, { "name": "DSA-2091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2091" }, { "name": "APPLE-SA-2012-02-01-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "name": "40964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40964" }, { "name": "ADV-2010-2080", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "name": "42399", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/42399" }, { "name": "RHSA-2012:0103", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "name": "40971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40971" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.org/security/issue/2010-07-23" }, { "name": "ADV-2010-2070", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2070" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2010-11422", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5130" }, { "name": "squirrelmail-imap-dos(61124)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" }, { "name": "FEDORA-2010-11410", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch\u0026r1=13972\u0026r2=13971\u0026pathrev=13972" }, { "name": "DSA-2091", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2091" }, { "name": "APPLE-SA-2012-02-01-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "name": "40964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40964" }, { "name": "ADV-2010-2080", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "name": "42399", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/42399" }, { "name": "RHSA-2012:0103", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "name": "40971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/40971" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.org/security/issue/2010-07-23" }, { "name": "ADV-2010-2070", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2070" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2010-11422", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" }, { "name": "http://support.apple.com/kb/HT5130", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5130" }, { "name": "squirrelmail-imap-dos(61124)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" }, { "name": "FEDORA-2010-11410", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch\u0026r1=13972\u0026r2=13971\u0026pathrev=13972", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch\u0026r1=13972\u0026r2=13971\u0026pathrev=13972" }, { "name": "DSA-2091", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2091" }, { "name": "APPLE-SA-2012-02-01-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "name": "40964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40964" }, { "name": "ADV-2010-2080", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2080" }, { "name": "42399", "refsource": "BID", "url": "http://www.securityfocus.com/bid/42399" }, { "name": "RHSA-2012:0103", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" }, { "name": "40971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40971" }, { "name": "http://squirrelmail.org/security/issue/2010-07-23", "refsource": "CONFIRM", "url": "http://squirrelmail.org/security/issue/2010-07-23" }, { "name": 
"ADV-2010-2070", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2070" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=618096", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2813", "datePublished": "2010-08-19T17:43:00", "dateReserved": "2010-07-22T00:00:00", "dateUpdated": "2024-08-07T02:46:48.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0075
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 20:57
Summary
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
References
URL | Tags |
---|---|
http://www.squirrelmail.org/security/issue/2005-01-14 | x_refsource_CONFIRM |
http://www.redhat.com/support/errata/RHSA-2005-135.html | vendor-advisory, x_refsource_REDHAT |
http://marc.info/?l=bugtraq&m=110702772714662&w=2 | mailing-list, x_refsource_BUGTRAQ |
http://www.redhat.com/support/errata/RHSA-2005-099.html | vendor-advisory, x_refsource_REDHAT |
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html | vendor-advisory, x_refsource_APPLE |
http://secunia.com/advisories/13962/ | third-party-advisory, x_refsource_SECUNIA |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587 | vdb-entry, signature, x_refsource_OVAL |
http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-14" }, { "name": "RHSA-2005:135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13962/" }, { "name": "oval:org.mitre.oval:def:9587", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587" }, { "name": "GLSA-200501-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-29T00:00:00", "descriptions": [ { "lang": "en", "value": "prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-14" }, { "name": "RHSA-2005:135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13962/" }, { "name": "oval:org.mitre.oval:def:9587", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587" }, { "name": "GLSA-200501-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0075", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, 
allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.squirrelmail.org/security/issue/2005-01-14", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2005-01-14" }, { "name": "RHSA-2005:135", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "APPLE-SA-2005-03-21", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13962/" }, { "name": "oval:org.mitre.oval:def:9587", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587" }, { "name": "GLSA-200501-39", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0075", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-14T00:00:00", "dateUpdated": "2024-08-07T20:57:40.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-12970
Vulnerability from cvelistv5
Published
2019-07-01 10:32
Modified
2024-08-04 23:41
Summary
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
References
URL | Tags |
---|---|
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt | x_refsource_MISC |
https://seclists.org/bugtraq/2019/Jul/0 | mailing-list, x_refsource_BUGTRAQ |
http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html | x_refsource_MISC |
https://seclists.org/bugtraq/2019/Jul/50 | mailing-list, x_refsource_BUGTRAQ |
https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:09.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt" }, { "name": "20190701 [SYSS-2019-016] SquirrelMail script filter bypass/XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html" }, { "name": "20190730 [SYSS-2019-016] SquirrelMail script filter bypass/XSS (update)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/50" }, { "name": "[debian-lts-announce] 20190801 [SECURITY] [DLA 1868-1] squirrelmail security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt" }, { "name": "20190701 [SYSS-2019-016] SquirrelMail script filter bypass/XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/0" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html" }, { "name": "20190730 [SYSS-2019-016] SquirrelMail script filter bypass/XSS (update)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/50" }, { "name": "[debian-lts-announce] 20190801 [SECURITY] [DLA 1868-1] squirrelmail security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt", "refsource": "MISC", "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt" }, { "name": "20190701 [SYSS-2019-016] SquirrelMail script filter bypass/XSS", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/0" }, { "name": "http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html" }, { "name": "20190730 [SYSS-2019-016] SquirrelMail script filter bypass/XSS (update)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/50" }, { "name": "[debian-lts-announce] 20190801 [SECURITY] [DLA 1868-1] squirrelmail security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12970", "datePublished": "2019-07-01T10:32:05", "dateReserved": "2019-06-26T00:00:00", "dateUpdated": "2024-08-04T23:41:09.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0188
Vulnerability from cvelistv5
Published
2006-02-24 00:00
Modified
2024-08-07 16:25
Summary
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:25:34.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:049", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19176" }, { "name": "squirrelmail-webmail-xss(24847)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" }, { "name": "FEDORA-2006-133", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20210" }, { "name": "oval:org.mitre.oval:def:10419", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" }, { "name": "ADV-2006-0689", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18985" }, { "name": "19205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/19205" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-01" }, { "name": "19960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19130" }, { "name": "20060501-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "name": "DSA-988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015662" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2006:049", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19176" }, { "name": "squirrelmail-webmail-xss(24847)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" }, { "name": "FEDORA-2006-133", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20210" }, { "name": "oval:org.mitre.oval:def:10419", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" }, { "name": "ADV-2006-0689", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18985" }, { "name": "19205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19205" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-01" }, { 
"name": "19960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19130" }, { "name": "20060501-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "name": "DSA-988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015662" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2006:049", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19176" }, { "name": "squirrelmail-webmail-xss(24847)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" }, { "name": "FEDORA-2006-133", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20210" }, { "name": "oval:org.mitre.oval:def:10419", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" }, { "name": "ADV-2006-0689", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18985" }, { "name": "19205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19205" }, { "name": "http://www.squirrelmail.org/security/issue/2006-02-01", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2006-02-01" }, { "name": "19960", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19130" }, { "name": "20060501-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" 
}, { "name": "DSA-988", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015662" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0188", "datePublished": "2006-02-24T00:00:00", "dateReserved": "2006-01-12T00:00:00", "dateUpdated": "2024-08-07T16:25:34.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0377
Vulnerability from cvelistv5
Published
2006-02-24 00:00
Modified
2024-08-07 16:34
Summary
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:049", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19176" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-15" }, { "name": "FEDORA-2006-133", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20210" }, { "name": "ADV-2006-0689", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18985" }, { "name": "oval:org.mitre.oval:def:11470", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" }, { "name": "19205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19205" }, { "name": 
"squirrelmail-mailbox-imap-injection(24849)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" }, { "name": "19960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19130" }, { "name": "20060501-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "name": "DSA-988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015662" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka \"IMAP injection.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": 
"2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2006:049", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { "name": "19176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19176" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2006-02-15" }, { "name": "FEDORA-2006-133", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20210" }, { "name": "ADV-2006-0689", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18985" }, { "name": "oval:org.mitre.oval:def:11470", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" }, { "name": "19205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19205" }, { "name": "squirrelmail-mailbox-imap-injection(24849)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" }, { "name": "19960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19960" }, { 
"name": "16756", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19130" }, { "name": "20060501-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "name": "DSA-988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015662" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka \"IMAP injection.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2006:049", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" }, { "name": "RHSA-2006:0283", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" }, { 
"name": "19176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19176" }, { "name": "http://www.squirrelmail.org/security/issue/2006-02-15", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2006-02-15" }, { "name": "FEDORA-2006-133", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" }, { "name": "SUSE-SR:2006:005", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "name": "20210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20210" }, { "name": "ADV-2006-0689", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0689" }, { "name": "18985", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18985" }, { "name": "oval:org.mitre.oval:def:11470", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" }, { "name": "19205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19205" }, { "name": "squirrelmail-mailbox-imap-injection(24849)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" }, { "name": "19960", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19960" }, { "name": "16756", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16756" }, { "name": "19130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19130" }, { "name": "20060501-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" }, { "name": "DSA-988", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-988" }, { "name": "19131", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19131" }, { "name": "GLSA-200603-09", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" }, { "name": "1015662", "refsource": "SECTRACK", "url": 
"http://securitytracker.com/id?1015662" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0377", "datePublished": "2006-02-24T00:00:00", "dateReserved": "2006-01-23T00:00:00", "dateUpdated": "2024-08-07T16:34:14.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8741
Vulnerability from cvelistv5
Published
2018-03-17 14:00
Modified
2024-08-05 07:02
Summary
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
References
URL | Tags |
---|---|
http://www.openwall.com/lists/oss-security/2018/03/17/2 | x_refsource_MISC |
https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e | x_refsource_MISC |
http://www.securitytracker.com/id/1040554 | vdb-entry, x_refsource_SECTRACK |
https://www.debian.org/security/2018/dsa-4168 | vendor-advisory, x_refsource_DEBIAN |
https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/ | x_refsource_MISC |
https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/ | x_refsource_MISC |
https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html | mailing-list, x_refsource_MLIST |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:02:26.075Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/17/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e" }, { "name": "1040554", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040554" }, { "name": "DSA-4168", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4168" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/" }, { "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1344-1] squirrelmail security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A directory traversal flaw in 
SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-21T03:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/17/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e" }, { "name": "1040554", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040554" }, { "name": "DSA-4168", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4168" }, { "tags": [ "x_refsource_MISC" ], "url": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/" }, { "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1344-1] squirrelmail security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.openwall.com/lists/oss-security/2018/03/17/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/03/17/2" }, { "name": "https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e", "refsource": "MISC", "url": "https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e" }, { "name": "1040554", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040554" }, { "name": "DSA-4168", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4168" }, { "name": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/", "refsource": "MISC", "url": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" }, { "name": "https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/", "refsource": "MISC", "url": "https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/" }, { "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1344-1] squirrelmail security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html" }, { "name": "FEDORA-2019-ad02f64a79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "refsource": "FEDORA", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8741", "datePublished": "2018-03-17T14:00:00", "dateReserved": "2018-03-17T00:00:00", "dateUpdated": "2024-08-05T07:02:26.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3663
Vulnerability from cvelistv5
Published
2008-09-24 14:00
Modified
2024-08-07 09:45
Summary
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:19.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33937" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" }, { "name": "31321", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31321" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "4304", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4304" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded" }, { "name": "squirrelmail-cookie-session-hijacking(45700)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "oval:org.mitre.oval:def:10548", "tags": [ 
"vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33937" }, { "tags": [ "x_refsource_MISC" ], "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" }, { "name": "31321", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31321" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "4304", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4304" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded" }, { "name": "squirrelmail-cookie-session-hijacking(45700)", 
"tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "oval:org.mitre.oval:def:10548", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html", "refsource": "CONFIRM", "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" }, { "name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937" }, { "name": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html", "refsource": "MISC", "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" }, { "name": "31321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31321" }, { "name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438" }, { "name": "4304", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4304" }, { "name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded" }, { "name": "squirrelmail-cookie-session-hijacking(45700)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "oval:org.mitre.oval:def:10548", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3663", "datePublished": "2008-09-24T14:00:00", 
"dateReserved": "2008-08-12T00:00:00", "dateUpdated": "2024-08-07T09:45:19.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1580
Vulnerability from cvelistv5
Published
2009-05-14 17:00
Modified
2024-08-07 05:20
Summary
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:20:34.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2010-06-15-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "name": "MDVSA-2009:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "FEDORA-2009-4870", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358" }, { "name": "FEDORA-2009-4880", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4188" }, { "name": "40220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], 
"url": "http://secunia.com/advisories/40220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2009-05-11" }, { "name": "ADV-2009-1296", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "35052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35052" }, { "name": "FEDORA-2009-4875", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "35073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35073" }, { "name": "squirrelmail-baseuri-session-hijacking(50462)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" }, { "name": "oval:org.mitre.oval:def:10107", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2010-06-15-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "name": "MDVSA-2009:110", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "FEDORA-2009-4870", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "35140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358" }, { "name": "FEDORA-2009-4880", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4188" }, { "name": "40220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.squirrelmail.org/security/issue/2009-05-11" }, { "name": "ADV-2009-1296", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "35052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35052" }, { "name": "FEDORA-2009-4875", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "35073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35073" }, { "name": "squirrelmail-baseuri-session-hijacking(50462)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" }, { "name": "oval:org.mitre.oval:def:10107", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" }, { "name": "DSA-1802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1802" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1580", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2010-06-15-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" }, { "name": "MDVSA-2009:110", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" }, { "name": "34916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34916" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" }, { "name": "ADV-2010-1481", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1481" }, { "name": "FEDORA-2009-4870", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" }, { "name": "35140", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35140" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13676", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13676" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500358", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358" }, { "name": "FEDORA-2009-4880", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" }, { "name": "http://support.apple.com/kb/HT4188", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4188" }, { "name": "40220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40220" }, { "name": "http://www.squirrelmail.org/security/issue/2009-05-11", "refsource": "CONFIRM", "url": 
"http://www.squirrelmail.org/security/issue/2009-05-11" }, { "name": "ADV-2009-1296", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1296" }, { "name": "35052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35052" }, { "name": "FEDORA-2009-4875", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" }, { "name": "35073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35073" }, { "name": "squirrelmail-baseuri-session-hijacking(50462)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" }, { "name": "oval:org.mitre.oval:def:10107", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" }, { "name": "DSA-1802", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1580", "datePublished": "2009-05-14T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:34.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1036
Vulnerability from cvelistv5
Published
2004-11-16 05:00
Modified
2024-08-08 00:39
Summary
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
References
URL | Tags |
---|---|
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html | vendor-advisory, x_refsource_APPLE |
http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml | vendor-advisory, x_refsource_GENTOO |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18031 | vdb-entry, x_refsource_XF |
http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff | x_refsource_CONFIRM |
http://www.squirrelmail.org/ | x_refsource_CONFIRM |
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html | vendor-advisory, x_refsource_APPLE |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592 | vdb-entry, signature, x_refsource_OVAL |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 | vendor-advisory, x_refsource_CONECTIVA |
http://marc.info/?l=bugtraq&m=110012133608004&w=2 | mailing-list, x_refsource_BUGTRAQ |
cve-2002-1276
Vulnerability from cvelistv5
Published
2002-11-14 05:00
Modified
2024-08-08 03:19
Summary
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
References
URL | Tags |
---|---|
http://www.debian.org/security/2002/dsa-191 | vendor-advisory, x_refsource_DEBIAN |
http://www.securityfocus.com/bid/7019 | vdb-entry, x_refsource_BID |
http://www.iss.net/security_center/static/10634.php | vdb-entry, x_refsource_XF |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471 | x_refsource_CONFIRM |
http://secunia.com/advisories/8220 | third-party-advisory, x_refsource_SECUNIA |
http://www.redhat.com/support/errata/RHSA-2003-042.html | vendor-advisory, x_refsource_REDHAT |
cve-2007-1262
Vulnerability from cvelistv5
Published
2007-05-11 03:55
Modified
2024-08-07 12:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
References
URL | Tags |
---|---|
http://www.debian.org/security/2007/dsa-1290 | vendor-advisory, x_refsource_DEBIAN |
http://www.vupen.com/english/advisories/2007/2732 | vdb-entry, x_refsource_VUPEN |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712 | vdb-entry, signature, x_refsource_OVAL |
http://secunia.com/advisories/25200 | third-party-advisory, x_refsource_SECUNIA |
http://www.vupen.com/english/advisories/2007/1748 | vdb-entry, x_refsource_VUPEN |
http://osvdb.org/35888 | vdb-entry, x_refsource_OSVDB |
http://secunia.com/advisories/25320 | third-party-advisory, x_refsource_SECUNIA |
http://www.securitytracker.com/id?1018033 | vdb-entry, x_refsource_SECTRACK |
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html | vendor-advisory, x_refsource_APPLE |
https://issues.rpath.com/browse/RPL-1353 | x_refsource_CONFIRM |
http://jvn.jp/en/jp/JVN09157962/index.html | third-party-advisory, x_refsource_JVN |
http://osvdb.org/35887 | vdb-entry, x_refsource_OSVDB |
http://www.squirrelmail.org/security/issue/2007-05-09 | x_refsource_CONFIRM |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:106 | vendor-advisory, x_refsource_MANDRIVA |
http://secunia.com/advisories/25236 | third-party-advisory, x_refsource_SECUNIA |
http://secunia.com/advisories/25690 | third-party-advisory, x_refsource_SECUNIA |
http://www.novell.com/linux/security/advisories/2007_13_sr.html | vendor-advisory, x_refsource_SUSE |
http://docs.info.apple.com/article.html?artnum=306172 | x_refsource_CONFIRM |
https://rhn.redhat.com/errata/RHSA-2007-0358.html | vendor-advisory, x_refsource_REDHAT |
http://www.securityfocus.com/bid/25159 | vdb-entry, x_refsource_BID |
http://secunia.com/advisories/25787 | third-party-advisory, x_refsource_SECUNIA |
http://www.securityfocus.com/bid/23910 | vdb-entry, x_refsource_BID |
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html | third-party-advisory, x_refsource_JVNDB |
http://secunia.com/advisories/26235 | third-party-advisory, x_refsource_SECUNIA |
cve-2009-1579
Vulnerability from cvelistv5
Published
2009-05-14 17:00
Modified
2024-08-07 05:20
Summary
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
References
URL | Tags |
---|---|
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html | vendor-advisory, x_refsource_APPLE |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986 | vdb-entry, signature, x_refsource_OVAL |
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674 | x_refsource_CONFIRM |
https://gna.org/forum/forum.php?forum_id=2146 | x_refsource_CONFIRM |
http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 | vendor-advisory, x_refsource_MANDRIVA |
http://www.securityfocus.com/bid/34916 | vdb-entry, x_refsource_BID |
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog | x_refsource_CONFIRM |
http://www.vupen.com/english/advisories/2010/1481 | vdb-entry, x_refsource_VUPEN |
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html | vendor-advisory, x_refsource_FEDORA |
http://secunia.com/advisories/35140 | third-party-advisory, x_refsource_SECUNIA |
http://download.gna.org/nasmail/nasmail-1.7.zip | x_refsource_CONFIRM |
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html | vendor-advisory, x_refsource_FEDORA |
https://bugzilla.redhat.com/show_bug.cgi?id=500360 | x_refsource_CONFIRM |
http://support.apple.com/kb/HT4188 | x_refsource_CONFIRM |
http://secunia.com/advisories/40220 | third-party-advisory, x_refsource_SECUNIA |
http://www.vupen.com/english/advisories/2009/1296 | vdb-entry, x_refsource_VUPEN |
http://secunia.com/advisories/35259 | third-party-advisory, x_refsource_SECUNIA |
http://secunia.com/advisories/35052 | third-party-advisory, x_refsource_SECUNIA |
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html | vendor-advisory, x_refsource_FEDORA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50461 | vdb-entry, x_refsource_XF |
http://www.redhat.com/support/errata/RHSA-2009-1066.html | vendor-advisory, x_refsource_REDHAT |
http://secunia.com/advisories/37415 | third-party-advisory, x_refsource_SECUNIA |
http://secunia.com/advisories/35073 | third-party-advisory, x_refsource_SECUNIA |
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674 | x_refsource_CONFIRM |
http://www.vupen.com/english/advisories/2009/3315 | vdb-entry, x_refsource_VUPEN |
http://www.squirrelmail.org/security/issue/2009-05-10 | x_refsource_CONFIRM |
http://www.debian.org/security/2009/dsa-1802 | vendor-advisory, x_refsource_DEBIAN |
"SECUNIA", "url": "http://secunia.com/advisories/37415" }, { "name": "35073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35073" }, { "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13674", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13674" }, { "name": "ADV-2009-3315", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3315" }, { "name": "http://www.squirrelmail.org/security/issue/2009-05-10", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2009-05-10" }, { "name": "DSA-1802", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1579", "datePublished": "2009-05-14T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:34.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0519
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:15.176Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12289" }, { "name": "squirrel-composephp-xss(16025)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16025" }, { "name": "20040430 Re: SquirrelMail Cross Scripting Attacks....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/361857" }, { "name": "SUSE-SR:2005:019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" }, { "name": "oval:org.mitre.oval:def:1006", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006" }, { "name": "FEDORA-2004-160", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "name": "11531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11531" }, { "name": "11686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11686" }, { "name": "11870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11870" }, { "name": "DSA-535", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "name": "RHSA-2004:240", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "name": 
"FEDORA-2004-1733", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "name": "GLSA-200405-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "name": "oval:org.mitre.oval:def:10274", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274" }, { "name": "20040429 SquirrelMail Cross Scripting Attacks....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108334862800260" }, { "name": "20040604-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "name": "CLA-2004:858", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "name": "10246", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10246" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12289" }, { "name": "squirrel-composephp-xss(16025)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16025" }, { "name": "20040430 Re: SquirrelMail Cross Scripting Attacks....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/361857" }, { "name": "SUSE-SR:2005:019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" }, { "name": "oval:org.mitre.oval:def:1006", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006" }, { "name": "FEDORA-2004-160", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "name": "11531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11531" }, { "name": "11686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11686" }, { "name": "11870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11870" }, { "name": "DSA-535", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "name": "RHSA-2004:240", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "name": "FEDORA-2004-1733", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "name": "GLSA-200405-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "name": "oval:org.mitre.oval:def:10274", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274" }, { "name": "20040429 SquirrelMail Cross Scripting Attacks....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108334862800260" }, { "name": "20040604-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "name": "CLA-2004:858", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "name": "10246", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10246" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12289", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12289" }, { "name": "squirrel-composephp-xss(16025)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16025" }, { "name": "20040430 Re: SquirrelMail Cross Scripting Attacks....", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/361857" }, { "name": "SUSE-SR:2005:019", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" }, { "name": "oval:org.mitre.oval:def:1006", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006" }, { "name": "FEDORA-2004-160", "refsource": "FEDORA", "url": "http://www.securityfocus.com/advisories/6827" }, { "name": "11531", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11531" }, { "name": "11686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11686" }, { "name": "11870", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11870" }, { "name": "DSA-535", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-535" }, { "name": "RHSA-2004:240", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "name": "FEDORA-2004-1733", "refsource": "FEDORA", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "name": "GLSA-200405-16", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "name": "oval:org.mitre.oval:def:10274", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274" }, { "name": "20040429 SquirrelMail Cross Scripting Attacks....", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108334862800260" }, { "name": "20040604-01-U", "refsource": "SGI", 
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "name": "CLA-2004:858", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "name": "10246", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10246" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0519", "datePublished": "2004-06-03T04:00:00", "dateReserved": "2004-06-02T00:00:00", "dateUpdated": "2024-08-08T00:17:15.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14955
Vulnerability from cvelistv5
Published
2018-08-05 18:00
Modified
2024-08-05 09:46
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
References
URL | Tags
---|---
https://sourceforge.net/p/squirrelmail/bugs/2831/ | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2018/07/26/2 | x_refsource_MISC
https://bugs.debian.org/905023 | x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:46:24.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-21T03:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/squirrelmail/bugs/2831/", "refsource": "MISC", "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "name": "http://www.openwall.com/lists/oss-security/2018/07/26/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "name": "https://bugs.debian.org/905023", "refsource": "MISC", "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14955", "datePublished": "2018-08-05T18:00:00", "dateReserved": "2018-08-05T00:00:00", "dateUpdated": "2024-08-05T09:46:24.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1648
Vulnerability from cvelistv5
Published
2005-03-28 05:00
Modified
2024-08-08 03:34
Summary
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 | vdb-entry, x_refsource_XF
http://www.kb.cert.org/vuls/id/153043 | third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/3956 | vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html | mailing-list, x_refsource_BUGTRAQ
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "squirrelmail-html-execute-script(7989)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "name": "VU#153043", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "name": "3956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3956" }, { "name": "20020124 Vulnerabilities in squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "squirrelmail-html-execute-script(7989)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "name": "VU#153043", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/153043" }, { "name": "3956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3956" }, { "name": "20020124 Vulnerabilities in squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1648", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "squirrelmail-html-execute-script(7989)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" }, { "name": "VU#153043", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/153043" }, { "name": "3956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3956" }, { "name": "20020124 Vulnerabilities in squirrelmail", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1648", "datePublished": "2005-03-28T05:00:00", "dateReserved": "2005-03-28T00:00:00", "dateUpdated": "2024-08-08T03:34:55.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14950
Vulnerability from cvelistv5
Published
2018-08-05 18:00
Modified
2024-08-05 09:46
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
References
URL | Tags
---|---
https://sourceforge.net/p/squirrelmail/bugs/2831/ | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2018/07/26/2 | x_refsource_MISC
https://bugs.debian.org/905023 | x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:46:24.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003csvg\u003e\u003ca xlink:href=\" attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-21T03:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003csvg\u003e\u003ca xlink:href=\" attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/squirrelmail/bugs/2831/", "refsource": "MISC", "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "name": "http://www.openwall.com/lists/oss-security/2018/07/26/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "name": "https://bugs.debian.org/905023", "refsource": "MISC", "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14950", "datePublished": "2018-08-05T18:00:00", "dateReserved": "2018-08-05T00:00:00", "dateUpdated": "2024-08-05T09:46:24.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2964
Vulnerability from cvelistv5
Published
2009-08-25 17:00
Modified
2024-08-07 06:07
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
References
cve-2005-2095
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:15
Summary
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.
References
cve-2018-14954
Vulnerability from cvelistv5
Published
2018-08-05 18:00
Modified
2024-08-05 09:46
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
References
URL | Tags | |
---|---|---|
https://sourceforge.net/p/squirrelmail/bugs/2831/ | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2018/07/26/2 | x_refsource_MISC | |
https://bugs.debian.org/905023 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA |
cve-2007-3635
Vulnerability from cvelistv5
Published
2007-07-10 00:00
Modified
2024-08-07 14:21
Summary
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
References
URL | Tags | |
---|---|---|
http://www.squirrelmail.org/plugin_view.php?id=153 | x_refsource_CONFIRM | |
http://www.attrition.org/pipermail/vim/2007-July/001703.html | mailing-list, x_refsource_VIM | |
http://osvdb.org/45789 | vdb-entry, x_refsource_OSVDB |
cve-2004-0639
Vulnerability from cvelistv5
Published
2004-07-09 04:00
Modified
2024-08-08 00:24
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
References
URL | Tags | |
---|---|---|
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16285 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=108611554415078&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2004/dsa-535 | vendor-advisory, x_refsource_DEBIAN | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973 | x_refsource_CONFIRM | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.securityfocus.com/bid/10450 | vdb-entry, x_refsource_BID |
cve-2010-4554
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-07 03:51
Summary
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
References
URL | Tags
---|---
http://www.debian.org/security/2011/dsa-2291 | vendor-advisory, x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 | vdb-entry, x_refsource_XF
http://support.apple.com/kb/HT5130 | x_refsource_CONFIRM
http://www.squirrelmail.org/security/issue/2011-07-12 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=720693 | x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 | vendor-advisory, x_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | vendor-advisory, x_refsource_APPLE
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0103.html | vendor-advisory, x_refsource_REDHAT
cve-2017-7692
Vulnerability from cvelistv5
Published
2017-04-20 14:00
Modified
2024-08-05 16:12
Summary
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.
References
URL | Tags
---|---
https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html | x_refsource_MISC
http://www.securityfocus.com/bid/98067 | vdb-entry, x_refsource_BID
http://openwall.com/lists/oss-security/2017/04/19/6 | x_refsource_MISC
https://www.exploit-db.com/exploits/41910/ | exploit, x_refsource_EXPLOIT-DB
https://security.gentoo.org/glsa/201709-13 | vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3852 | vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1038312 | vdb-entry, x_refsource_SECTRACK
http://openwall.com/lists/oss-security/2017/04/27/1 | x_refsource_MISC
cve-2002-0516
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:49
Summary
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
References
URL | Tags
---|---
http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html | mailing-list, x_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html | mailing-list, x_refsource_BUGTRAQ
http://www.iss.net/security_center/static/8671.php | vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/4385 | vdb-entry, x_refsource_BID
cve-2002-1132
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Summary
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
References
URL | Tags
---|---
http://www.debian.org/security/2002/dsa-191 | vendor-advisory, x_refsource_DEBIAN
http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html | mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2002-204.html | vendor-advisory, x_refsource_REDHAT
http://www.iss.net/security_center/static/10345.php | vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/5949 | vdb-entry, x_refsource_BID
cve-2006-4019
Vulnerability from cvelistv5
Published
2006-08-11 21:00
Modified
2024-08-07 18:57
Summary
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:57:43.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21586" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-577" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "DSA-1154", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1154" }, { "name": "21354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21354" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22487" }, { "name": "1016689", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016689" }, { "name": "SUSE-SR:2006:023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "ADV-2006-3271", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3271" }, { "name": "21444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21444" }, { "name": "squirrelmail-compose-variable-overwrite(28365)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" 
}, { "name": "22080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22080" }, { "name": "20060811 SquirrelMail issue is dynamic variable evaluation", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://attrition.org/pipermail/vim/2006-August/000970.html" }, { "name": "19486", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19486" }, { "name": "RHSA-2006:0668", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0668.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2006-08-11" }, { "name": "22104", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22104" }, { "name": "20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442993/100/0/threaded" }, { "name": "20060811 rPSA-2006-0152-1 squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442980/100/0/threaded" }, { "name": "20060811 rPSA-2006-0152-1 squirrelmail", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=115532449024178\u0026w=2" }, { "name": "27917", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27917" }, { "name": "oval:org.mitre.oval:def:11533", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "MDKSA-2006:147", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21586" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-577" }, { "name": "ADV-2007-2732", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "DSA-1154", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1154" }, { "name": "21354", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21354" }, { "name": "22487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22487" }, { "name": "1016689", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016689" }, { "name": "SUSE-SR:2006:023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "name": "APPLE-SA-2007-07-31", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "ADV-2006-3271", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3271" }, { "name": "21444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21444" }, { "name": "squirrelmail-compose-variable-overwrite(28365)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" }, { "name": "22080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22080" }, { 
"name": "20060811 SquirrelMail issue is dynamic variable evaluation", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2006-August/000970.html" }, { "name": "19486", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19486" }, { "name": "RHSA-2006:0668", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0668.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2006-08-11" }, { "name": "22104", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22104" }, { "name": "20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442993/100/0/threaded" }, { "name": "20060811 rPSA-2006-0152-1 squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442980/100/0/threaded" }, { "name": "20060811 rPSA-2006-0152-1 squirrelmail", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=115532449024178\u0026w=2" }, { "name": "27917", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27917" }, { "name": "oval:org.mitre.oval:def:11533", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "25159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25159" }, { "name": "20061001-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "MDKSA-2006:147", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "name": "26235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21586" }, { "name": "https://issues.rpath.com/browse/RPL-577", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-577" }, { "name": "ADV-2007-2732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2732" }, { "name": "DSA-1154", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1154" }, { "name": "21354", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21354" }, { "name": "22487", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22487" }, { "name": "1016689", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016689" }, { "name": "SUSE-SR:2006:023", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "name": "APPLE-SA-2007-07-31", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "name": "ADV-2006-3271", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3271" }, { "name": "21444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21444" }, { "name": "squirrelmail-compose-variable-overwrite(28365)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28365" }, { "name": "22080", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22080" }, { "name": "20060811 SquirrelMail issue is dynamic variable evaluation", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-August/000970.html" }, { "name": "19486", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19486" }, { "name": "RHSA-2006:0668", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0668.html" }, { "name": 
"http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch", "refsource": "MISC", "url": "http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch" }, { "name": "http://www.squirrelmail.org/security/issue/2006-08-11", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2006-08-11" }, { "name": "22104", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22104" }, { "name": "20060811 SquirrelMail 1.4.8 released - fixes variable overwriting attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442993/100/0/threaded" }, { "name": "20060811 rPSA-2006-0152-1 squirrelmail", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442980/100/0/threaded" }, { "name": "20060811 rPSA-2006-0152-1 squirrelmail", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=115532449024178\u0026w=2" }, { "name": "27917", "refsource": "OSVDB", "url": "http://www.osvdb.org/27917" }, { "name": "oval:org.mitre.oval:def:11533", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533" }, { "name": "http://docs.info.apple.com/article.html?artnum=306172", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "name": "25159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25159" }, { "name": "20061001-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" }, { "name": "MDKSA-2006:147", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:147" }, { "name": "26235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26235" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4019", "datePublished": "2006-08-11T21:00:00", "dateReserved": "2006-08-08T00:00:00", 
"dateUpdated": "2024-08-07T18:57:43.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1341
Vulnerability from cvelistv5
Published
2002-12-11 05:00
Modified
2024-08-08 03:19
Summary
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
References
URL | Tags |
---|---|
http://marc.info/?l=bugtraq&m=104004924002662&w=2 | mailing-list, x_refsource_BUGTRAQ |
https://exchange.xforce.ibmcloud.com/vulnerabilities/10754 | vdb-entry, x_refsource_XF |
http://www.securityfocus.com/bid/6302 | vdb-entry, x_refsource_BID |
http://marc.info/?l=bugtraq&m=103893844126484&w=2 | mailing-list, x_refsource_BUGTRAQ |
http://marc.info/?l=bugtraq&m=103911130503272&w=2 | mailing-list, x_refsource_BUGTRAQ |
http://www.debian.org/security/2002/dsa-220 | vendor-advisory, x_refsource_DEBIAN |
http://secunia.com/advisories/8220 | third-party-advisory, x_refsource_SECUNIA |
http://f0kp.iplus.ru/bz/008.txt | x_refsource_MISC |
http://www.redhat.com/support/errata/RHSA-2003-042.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:28.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20021215 GLSA: squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104004924002662\u0026w=2" }, { "name": "squirrelmail-readbody-xss(10754)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754" }, { "name": "6302", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6302" }, { "name": "20021203 SquirrelMail v1.2.9 XSS bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103893844126484\u0026w=2" }, { "name": "20021203 Re: SquirrelMail v1.2.9 XSS bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103911130503272\u0026w=2" }, { "name": "DSA-220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-220" }, { "name": "8220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8220" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://f0kp.iplus.ru/bz/008.txt" }, { "name": "RHSA-2003:042", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-12-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML 
via the (1) mailbox and (2) passed_id parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20021215 GLSA: squirrelmail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104004924002662\u0026w=2" }, { "name": "squirrelmail-readbody-xss(10754)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754" }, { "name": "6302", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6302" }, { "name": "20021203 SquirrelMail v1.2.9 XSS bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103893844126484\u0026w=2" }, { "name": "20021203 Re: SquirrelMail v1.2.9 XSS bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103911130503272\u0026w=2" }, { "name": "DSA-220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-220" }, { "name": "8220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8220" }, { "tags": [ "x_refsource_MISC" ], "url": "http://f0kp.iplus.ru/bz/008.txt" }, { "name": "RHSA-2003:042", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1341", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20021215 GLSA: squirrelmail", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104004924002662\u0026w=2" }, { "name": "squirrelmail-readbody-xss(10754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754" }, { "name": "6302", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6302" }, { "name": "20021203 SquirrelMail v1.2.9 XSS bugs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103893844126484\u0026w=2" }, { "name": "20021203 Re: SquirrelMail v1.2.9 XSS bugs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103911130503272\u0026w=2" }, { "name": "DSA-220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-220" }, { "name": "8220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8220" }, { "name": "http://f0kp.iplus.ru/bz/008.txt", "refsource": "MISC", "url": "http://f0kp.iplus.ru/bz/008.txt" }, { "name": "RHSA-2003:042", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1341", "datePublished": "2002-12-11T05:00:00", "dateReserved": "2002-12-05T00:00:00", "dateUpdated": "2024-08-08T03:19:28.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14953
Vulnerability from cvelistv5
Published
2018-08-05 18:00
Modified
2024-08-05 09:46
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
References
URL | Tags |
---|---|
https://sourceforge.net/p/squirrelmail/bugs/2831/ | x_refsource_MISC |
http://www.openwall.com/lists/oss-security/2018/07/26/2 | x_refsource_MISC |
https://bugs.debian.org/905023 | x_refsource_MISC |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:46:25.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cmath xlink:href=\" attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-21T03:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cmath xlink:href=\" attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/squirrelmail/bugs/2831/", "refsource": "MISC", "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "name": "http://www.openwall.com/lists/oss-security/2018/07/26/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "name": "https://bugs.debian.org/905023", "refsource": "MISC", "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14953", "datePublished": "2018-08-05T18:00:00", "dateReserved": "2018-08-05T00:00:00", "dateUpdated": "2024-08-05T09:46:25.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14932
Vulnerability from cvelistv5
Published
2020-06-20 12:07
Modified
2024-08-04 13:00
Summary
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
References
URL | Tags |
---|---|
https://www.openwall.com/lists/oss-security/2020/06/20/1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-20T12:07:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2020/06/20/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/06/20/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14932", "datePublished": "2020-06-20T12:07:23", "dateReserved": "2020-06-20T00:00:00", "dateUpdated": "2024-08-04T13:00:52.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5623
Vulnerability from cvelistv5
Published
2020-02-13 18:42
Modified
2024-08-06 21:14
Summary
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/12/04/6 | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version |
---|---|---|
Squirrelmail | Squirrelmail | 4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20121203 Re: Strange CVE situation (at least one ID should come of this)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Squirrelmail", "vendor": "Squirrelmail", "versions": [ { "status": "affected", "version": "4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "use of deprecated algorithm", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T18:42:07", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20121203 Re: Strange CVE situation (at least one ID should come of this)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5623", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Squirrelmail", "version": { "version_data": [ { "version_value": "4.0" } ] } } ] }, "vendor_name": "Squirrelmail" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use of deprecated algorithm" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20121203 Re: Strange CVE situation (at least one ID should come of this)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5623", "datePublished": "2020-02-13T18:42:07", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1131
Vulnerability from cvelistv5
Published
2002-09-24 04:00
Modified
2024-08-08 03:12
Summary
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
References
URL | Tags |
---|---|
http://www.iss.net/security_center/static/10145.php | vdb-entry, x_refsource_XF |
http://www.debian.org/security/2002/dsa-191 | vendor-advisory, x_refsource_DEBIAN |
http://www.securityfocus.com/bid/5763 | vdb-entry, x_refsource_BID |
http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html | mailing-list, x_refsource_BUGTRAQ |
http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774 | x_refsource_CONFIRM |
http://www.redhat.com/support/errata/RHSA-2002-204.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:16.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "squirrelmail-php-xss(10145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10145.php" }, { "name": "DSA-191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-191" }, { "name": "5763", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5763" }, { "name": "20020919 Squirrel Mail 1.2.7 XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=311\u0026release_id=110774" }, { "name": "RHSA-2002:204", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-10-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "squirrelmail-php-xss(10145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10145.php" }, { "name": "DSA-191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-191" }, { "name": "5763", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5763" }, { "name": "20020919 Squirrel Mail 1.2.7 XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=311\u0026release_id=110774" }, { "name": "RHSA-2002:204", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1131", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "squirrelmail-php-xss(10145)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10145.php" }, { "name": "DSA-191", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-191" }, { "name": "5763", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5763" }, { "name": "20020919 Squirrel Mail 1.2.7 XSS Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=311\u0026release_id=110774", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=311\u0026release_id=110774" }, { "name": "RHSA-2002:204", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-204.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1131", "datePublished": "2002-09-24T04:00:00", "dateReserved": "2002-09-20T00:00:00", "dateUpdated": "2024-08-08T03:12:16.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1159
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Summary
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
References
URL | Tags
---|---
http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/2968 | vdb-entry, x_refsource_BID
http://www.iss.net/security_center/static/6775.php | vdb-entry, x_refsource_XF
http://www.squirrelmail.org/changelog.php | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:07.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010702 (SRADV00010) Remote command execution vulnerabilities in SquirrelMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html" }, { "name": "2968", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2968" }, { "name": "squirrelmail-loadprefs-execute-code(6775)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/6775.php" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squirrelmail.org/changelog.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010702 (SRADV00010) Remote command execution vulnerabilities in SquirrelMail", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html" }, { "name": "2968", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2968" }, { "name": "squirrelmail-loadprefs-execute-code(6775)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/6775.php" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squirrelmail.org/changelog.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010702 (SRADV00010) Remote command execution vulnerabilities in SquirrelMail", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html" }, { "name": "2968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2968" }, { "name": "squirrelmail-loadprefs-execute-code(6775)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/6775.php" }, { "name": "http://www.squirrelmail.org/changelog.php", "refsource": "MISC", "url": "http://www.squirrelmail.org/changelog.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1159", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:07.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0990
Vulnerability from cvelistv5
Published
2004-01-06 05:00
Modified
2024-08-08 02:12
Summary
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/14079 | vdb-entry, x_refsource_XF
http://www.bugtraq.org/advisories/_BSSADV-0001.txt | x_refsource_MISC
http://marc.info/?l=bugtraq&m=107247236124180&w=2 | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/9296 | vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/348366 | mailing-list, x_refsource_BUGTRAQ
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "squirrelmail-parseaddress-command-execution(14079)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" }, { "name": "20031224 Bugtraq Security Systems ADV-0001", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107247236124180\u0026w=2" }, { "name": "9296", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9296" }, { "name": "20031226 Re: Reported Command Injection in Squirrelmail GPG", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/348366" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "squirrelmail-parseaddress-command-execution(14079)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" }, { "name": "20031224 Bugtraq Security Systems ADV-0001", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107247236124180\u0026w=2" }, { "name": "9296", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9296" }, { "name": "20031226 Re: Reported Command Injection in Squirrelmail GPG", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/348366" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "squirrelmail-parseaddress-command-execution(14079)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" }, { "name": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt", "refsource": "MISC", "url": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" }, { "name": "20031224 Bugtraq Security Systems ADV-0001", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107247236124180\u0026w=2" }, { "name": "9296", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9296" }, { "name": "20031226 Re: Reported Command Injection in Squirrelmail GPG", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/348366" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0990", "datePublished": "2004-01-06T05:00:00", "dateReserved": "2003-12-16T00:00:00", "dateUpdated": "2024-08-08T02:12:35.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0103
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 20:57
Summary
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/19037 | vdb-entry, x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670 | vdb-entry, signature, x_refsource_OVAL
http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223 | x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-135.html | vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=110702772714662&w=2 | mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2005-099.html | vendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html | vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/13962/ | third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml | vendor-advisory, x_refsource_GENTOO
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:41.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "squirrelmail-frame-file-include(19037)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19037" }, { "name": "oval:org.mitre.oval:def:10670", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223" }, { "name": "RHSA-2005:135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13962/" }, { "name": "GLSA-200501-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-29T00:00:00", "descriptions": [ { 
"lang": "en", "value": "PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "squirrelmail-frame-file-include(19037)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19037" }, { "name": "oval:org.mitre.oval:def:10670", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223" }, { "name": "RHSA-2005:135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13962/" }, { "name": "GLSA-200501-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "squirrelmail-frame-file-include(19037)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19037" }, { "name": "oval:org.mitre.oval:def:10670", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10670" }, { "name": "http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223" }, { "name": "RHSA-2005:135", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-135.html" }, { "name": "20050129 SquirrelMail Security Advisory", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110702772714662\u0026w=2" }, { "name": "RHSA-2005:099", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-099.html" }, { "name": "APPLE-SA-2005-03-21", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "name": "13962", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13962/" }, { "name": "GLSA-200501-39", "refsource": 
"GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0103", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-18T00:00:00", "dateUpdated": "2024-08-07T20:57:41.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2752
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-08-06 23:08
Summary
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
References
URL | Tags
---|---
http://www.debian.org/security/2011/dsa-2291 | vendor-advisory, x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 | vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 | vendor-advisory, x_refsource_MANDRIVA
http://www.squirrelmail.org/security/issue/2011-07-11 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0103.html | vendor-advisory, x_refsource_REDHAT
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2291", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2291" }, { "name": "squirrelmail-newline-crlf-injection(68587)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68587" }, { "name": "MDVSA-2011:123", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "name": "RHSA-2012:0103", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \\n (newline) character, a different vulnerability than CVE-2010-4555." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2291", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2291" }, { "name": "squirrelmail-newline-crlf-injection(68587)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68587" }, { "name": "MDVSA-2011:123", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "name": "RHSA-2012:0103", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \\n (newline) character, a different vulnerability than CVE-2010-4555." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2291", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2291" }, { "name": "squirrelmail-newline-crlf-injection(68587)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68587" }, { "name": "MDVSA-2011:123", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" }, { "name": "http://www.squirrelmail.org/security/issue/2011-07-11", "refsource": "CONFIRM", "url": "http://www.squirrelmail.org/security/issue/2011-07-11" }, { "name": "RHSA-2012:0103", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2752", "datePublished": "2011-07-17T20:00:00", "dateReserved": "2011-07-17T00:00:00", "dateUpdated": "2024-08-06T23:08:23.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3634
Vulnerability from cvelistv5
Published
2007-07-10 00:00
Modified
2024-08-07 14:21
Summary
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
URL | Tags
---|---
http://osvdb.org/45788 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/24782 | vdb-entry, x_refsource_BID
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html | mailing-list, x_refsource_MLIST
http://www.wslabi.com/wabisabilabi/initPublishedBid.do? | x_refsource_MISC
http://www.attrition.org/pipermail/vim/2007-July/001703.html | mailing-list, x_refsource_VIM
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html | mailing-list, x_refsource_MLIST
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45788", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/45788" }, { "name": "24782", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24782" }, { "name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" }, { "name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "name": "[dailydave] 20070708 SquirrelMail GPG Plugin vuln", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html" }, { "name": "[dailydave] 20070706 (no subject)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. 
this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-07-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45788", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/45788" }, { "name": "24782", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24782" }, { "name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" 
}, { "name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "name": "[dailydave] 20070708 SquirrelMail GPG Plugin vuln", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html" }, { "name": "[dailydave] 20070706 (no subject)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3634", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45788", "refsource": "OSVDB", "url": "http://osvdb.org/45788" }, { "name": "24782", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24782" }, { "name": "[dailydave] 20070709 SquirrelMail GPG Plugin vuln", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html" }, { "name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?", "refsource": "MISC", "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" }, { "name": "20070710 SquirrelMail GPG Plugin Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-July/001703.html" }, { "name": "[dailydave] 20070708 SquirrelMail GPG Plugin vuln", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html" }, { "name": "[dailydave] 20070706 (no subject)", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3634", "datePublished": "2007-07-10T00:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2024-08-07T14:21:36.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4555
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-07 03:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
References
URL | Tags
---|---
http://www.debian.org/security/2011/dsa-2291 | vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT5130 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 | vdb-entry, x_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 | vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 | vendor-advisory, x_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | vendor-advisory, x_refsource_APPLE
http://www.squirrelmail.org/security/issue/2011-07-11 | x_refsource_CONFIRM
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=720694 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0103.html | vendor-advisory, x_refsource_REDHAT
cve-2006-3665
Vulnerability from cvelistv5
Published
2006-07-17 21:00
Modified
2024-08-07 18:39
Summary
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/27632 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/17005 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2006/2708 | vdb-entry, x_refsource_VUPEN | |
http://www.squirrelmail.org/changelog.php | x_refsource_CONFIRM |
cve-2010-1637
Vulnerability from cvelistv5
Published
2010-06-22 17:00
Modified
2024-08-07 01:28
Summary
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
References
URL | Tags |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html | vendor-advisory, x_refsource_FEDORA |
http://www.securityfocus.com/bid/40291 | vdb-entry, x_refsource_BID |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:120 | vendor-advisory, x_refsource_MANDRIVA |
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 | x_refsource_MISC |
http://support.apple.com/kb/HT5130 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/40307 | vdb-entry, x_refsource_BID |
http://www.vupen.com/english/advisories/2010/1535 | vdb-entry, x_refsource_VUPEN |
http://www.vupen.com/english/advisories/2010/1554 | vdb-entry, x_refsource_VUPEN |
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | vendor-advisory, x_refsource_APPLE |
http://www.openwall.com/lists/oss-security/2010/05/25/9 | mailing-list, x_refsource_MLIST |
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951 | x_refsource_MISC |
http://www.openwall.com/lists/oss-security/2010/05/25/3 | mailing-list, x_refsource_MLIST |
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951 | x_refsource_MISC |
http://www.vupen.com/english/advisories/2010/1536 | vdb-entry, x_refsource_VUPEN |
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html | vendor-advisory, x_refsource_FEDORA |
http://www.openwall.com/lists/oss-security/2010/06/21/1 | mailing-list, x_refsource_MLIST |
http://rhn.redhat.com/errata/RHSA-2012-0103.html | vendor-advisory, x_refsource_REDHAT |
http://secunia.com/advisories/40307 | third-party-advisory, x_refsource_SECUNIA |
http://squirrelmail.org/security/issue/2010-06-21 | x_refsource_CONFIRM |
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html | vendor-advisory, x_refsource_FEDORA |
cve-2004-0520
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:17
Summary
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
References
URL | Tags |
---|---|
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt | x_refsource_MISC |
http://secunia.com/advisories/12289 | third-party-advisory, x_refsource_SECUNIA |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012 | vdb-entry, signature, x_refsource_OVAL |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766 | vdb-entry, signature, x_refsource_OVAL |
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml | vendor-advisory, x_refsource_GENTOO |
http://marc.info/?l=bugtraq&m=108611554415078&w=2 | mailing-list, x_refsource_BUGTRAQ |
http://www.securityfocus.com/advisories/6827 | vendor-advisory, x_refsource_FEDORA |
http://secunia.com/advisories/11870 | third-party-advisory, x_refsource_SECUNIA |
http://www.debian.org/security/2004/dsa-535 | vendor-advisory, x_refsource_DEBIAN |
http://rhn.redhat.com/errata/RHSA-2004-240.html | vendor-advisory, x_refsource_REDHAT |
https://bugzilla.fedora.us/show_bug.cgi?id=1733 | vendor-advisory, x_refsource_FEDORA |
http://www.securityfocus.com/bid/10439 | vdb-entry, x_refsource_BID |
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc | vendor-advisory, x_refsource_SGI |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 | vendor-advisory, x_refsource_CONECTIVA |
http://marc.info/?l=squirrelmail-cvs&m=108532891231712 | mailing-list, x_refsource_MLIST |
cve-2009-0030
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 04:17
Summary
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
References
▼ | URL | Tags |
---|---|---|
https://rhn.redhat.com/errata/RHSA-2009-0057.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/33611 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=480488 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=480224 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366 | vdb-entry, signature, x_refsource_OVAL | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/48115 | vdb-entry, x_refsource_XF | |
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
http://securitytracker.com/id?1021611 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/33354 | vdb-entry, x_refsource_BID |
cve-2018-14951
Vulnerability from cvelistv5
Published
2018-08-05 18:00
Modified
2024-08-05 09:46
Summary
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
References
URL | Tags | |
---|---|---|
https://sourceforge.net/p/squirrelmail/bugs/2831/ | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2018/07/26/2 | x_refsource_MISC | |
https://bugs.debian.org/905023 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:46:24.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cform action=\u0027data:text\" attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-21T03:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"\u003cform action=\u0027data:text\" attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/squirrelmail/bugs/2831/", "refsource": "MISC", "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" }, { "name": "http://www.openwall.com/lists/oss-security/2018/07/26/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" }, { "name": "https://bugs.debian.org/905023", "refsource": "MISC", "url": "https://bugs.debian.org/905023" }, { "name": "FEDORA-2019-ad02f64a79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/" }, { "name": "FEDORA-2019-1a87523729", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14951", "datePublished": "2018-08-05T18:00:00", "dateReserved": "2018-08-05T00:00:00", "dateUpdated": "2024-08-05T09:46:24.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0152
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Summary
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
References
URL | Tags | |
---|---|---|
http://www.kb.cert.org/vuls/id/203214 | third-party-advisory, x_refsource_CERT-VN | |
http://secunia.com/advisories/14096 | third-party-advisory, x_refsource_SECUNIA | |
http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes | x_refsource_MISC | |
http://www.debian.org/security/2005/dsa-662 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#203214", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/203214" }, { "name": "14096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14096" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes" }, { "name": "DSA-662", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-662" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via \"URL manipulation.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-02-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#203214", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/203214" }, { "name": "14096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14096" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes" }, { "name": "DSA-662", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-662" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"cve@mitre.org", "ID": "CVE-2005-0152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via \"URL manipulation.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#203214", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/203214" }, { "name": "14096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14096" }, { "name": "http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes", "refsource": "MISC", "url": "http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes" }, { "name": "DSA-662", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-662" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0152", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-27T00:00:00", "dateUpdated": "2024-08-07T21:05:25.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0521
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:17
Summary
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:15.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12289" }, { "name": "10397", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10397" }, { "name": "oval:org.mitre.oval:def:11446", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446" }, { "name": "6841", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6841" }, { "name": "FEDORA-2004-160", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "name": "11686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11686" }, { "name": "11685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11685" }, { "name": "11870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11870" }, { "name": "[squirrelmail-cvs] 20040427 [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108309375029888" }, { "name": "DSA-535", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "name": "RHSA-2004:240", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "name": "squirrelmail-sql-injection(16235)", "tags": [ 
"vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16235" }, { "name": "FEDORA-2004-1733", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "name": "GLSA-200405-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "name": "[squirrelmail-devel] 20040511 [SM-DEVEL] SquirrelMail 1.4.3-RC1 Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "name": "oval:org.mitre.oval:def:1033", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033" }, { "name": "20040604-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "name": "CLA-2004:858", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "name": "APPLE-SA-2004-09-07", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/7148" }, { "name": "O-212", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via 
abook_database.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12289" }, { "name": "10397", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10397" }, { "name": "oval:org.mitre.oval:def:11446", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446" }, { "name": "6841", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6841" }, { "name": "FEDORA-2004-160", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.securityfocus.com/advisories/6827" }, { "name": "11686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11686" }, { "name": "11685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11685" }, { "name": "11870", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11870" }, { "name": "[squirrelmail-cvs] 20040427 [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108309375029888" }, { "name": "DSA-535", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-535" }, { "name": "RHSA-2004:240", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "name": "squirrelmail-sql-injection(16235)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16235" }, { "name": "FEDORA-2004-1733", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "name": "GLSA-200405-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "name": "[squirrelmail-devel] 20040511 [SM-DEVEL] SquirrelMail 1.4.3-RC1 Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "name": "oval:org.mitre.oval:def:1033", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033" }, { "name": "20040604-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "name": "CLA-2004:858", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "name": "APPLE-SA-2004-09-07", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://www.securityfocus.com/advisories/7148" }, { "name": "O-212", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via 
abook_database.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12289", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12289" }, { "name": "10397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10397" }, { "name": "oval:org.mitre.oval:def:11446", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11446" }, { "name": "6841", "refsource": "OSVDB", "url": "http://www.osvdb.org/6841" }, { "name": "FEDORA-2004-160", "refsource": "FEDORA", "url": "http://www.securityfocus.com/advisories/6827" }, { "name": "11686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11686" }, { "name": "11685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11685" }, { "name": "11870", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11870" }, { "name": "[squirrelmail-cvs] 20040427 [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2", "refsource": "MLIST", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108309375029888" }, { "name": "DSA-535", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-535" }, { "name": "RHSA-2004:240", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-240.html" }, { "name": "squirrelmail-sql-injection(16235)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16235" }, { "name": "FEDORA-2004-1733", "refsource": "FEDORA", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1733" }, { "name": "GLSA-200405-16", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200405-16.xml" }, { "name": "[squirrelmail-devel] 20040511 [SM-DEVEL] SquirrelMail 1.4.3-RC1 Release", "refsource": "MLIST", "url": "http://marc.info/?l=squirrelmail-cvs\u0026m=108532891231712" }, { "name": "oval:org.mitre.oval:def:1033", "refsource": "OVAL", 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1033" }, { "name": "20040604-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" }, { "name": "CLA-2004:858", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000858" }, { "name": "APPLE-SA-2004-09-07", "refsource": "APPLE", "url": "http://www.securityfocus.com/advisories/7148" }, { "name": "O-212", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0521", "datePublished": "2004-06-03T04:00:00", "dateReserved": "2004-06-02T00:00:00", "dateUpdated": "2024-08-08T00:17:15.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }