CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP..
Title | Published | Views | Family |
---|---|---|---|
SquirrelFlaws.txt | 2 Mar 2006 00:00 | – | packetstorm |
CVE-2006-0377 | 24 Feb 2006 00:02 | – | nvd |
Crlf injection | 24 Feb 2006 00:02 | – | prion |
CVE-2006-0377 | 24 Feb 2006 00:00 | – | ubuntucve |
CVE-2006-0377 | 24 Feb 2006 00:00 | – | cvelist |
[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail | 28 Feb 2006 00:00 | – | securityvulns |
[ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities | 28 Feb 2006 00:00 | – | securityvulns |
[SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities | 8 Mar 2006 16:42 | – | debian |
FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404) | 13 May 2006 00:00 | – | nessus |

Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
mailbox | query param | /src/read_body.php | The 'mailbox' parameter in the GET request can be exploited to inject arbitrary IMAP commands. | CWE-20, CWE-86 |
subject | binary | /src/compose.php | The 'subject' parameter in the POST request can be manipulated to inject SMTP commands. | CWE-20, CWE-86 |