Lucene search
CVE-2006-0377
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP..
Show more
| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
 | SquirrelFlaws.txt | 2 Mar 200600:00 | – | packetstorm |
 | CVE-2006-0377 | 24 Feb 200600:02 | – | nvd |
 | Crlf injection | 24 Feb 200600:02 | – | prion |
 | CVE-2006-0377 | 24 Feb 200600:00 | – | ubuntucve |
 | CVE-2006-0377 | 24 Feb 200600:00 | – | cvelist |
 | [ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail | 28 Feb 200600:00 | – | securityvulns |
| [ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities | 28 Feb 200600:00 | – | securityvulns |
 | [SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities | 8 Mar 200616:42 | – | debian |
| [SECURITY] [DSA 988-1] New squirrelmail packages fix several vulnerabilities | 8 Mar 200616:42 | – | debian |
 | FreeBSD : squirrelmail -- multiple vulnerabilities (af9018b6-a4f5-11da-bb41-0011433a9404) | 13 May 200600:00 | – | nessus |
10
Node
OROROROROROROROROROROR
10
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| mailbox | query param | /src/read_body.php | The 'mailbox' parameter in the GET request can be exploited to inject arbitrary IMAP commands. | CWE-20, CWE-86 |
| subject | binary | /src/compose.php | The 'subject' parameter in the POST request can be manipulated to inject SMTP commands. | CWE-20, CWE-86 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo24 Feb 2006 00:02Current
6.8Medium risk
Vulners AI Score6.8
CVSS25
EPSS0.01608