6.4 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.186 Low
EPSS
Percentile
96.2%
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
attrition.org/pipermail/vim/2006-August/000970.html
docs.info.apple.com/article.html?artnum=306172
lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
marc.info/?l=full-disclosure&m=115532449024178&w=2
secunia.com/advisories/21354
secunia.com/advisories/21444
secunia.com/advisories/21586
secunia.com/advisories/22080
secunia.com/advisories/22104
secunia.com/advisories/22487
secunia.com/advisories/26235
securitytracker.com/id?1016689
www.debian.org/security/2006/dsa-1154
www.mandriva.com/security/advisories?name=MDKSA-2006:147
www.novell.com/linux/security/advisories/2006_23_sr.html
www.osvdb.org/27917
www.redhat.com/support/errata/RHSA-2006-0668.html
www.securityfocus.com/archive/1/442980/100/0/threaded
www.securityfocus.com/archive/1/442993/100/0/threaded
www.securityfocus.com/bid/19486
www.securityfocus.com/bid/25159
www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
www.squirrelmail.org/security/issue/2006-08-11
www.vupen.com/english/advisories/2006/3271
www.vupen.com/english/advisories/2007/2732
exchange.xforce.ibmcloud.com/vulnerabilities/28365
issues.rpath.com/browse/RPL-577
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533