The map_yp_alias function in SquirrelMail and NaSMail allows remote code execution via shell metacharacters in the username string used by ypmatch program
Reporter | Title | Published | Views | Family All 76 |
---|---|---|---|---|
Prion | Design/Logic Flaw | 14 May 200917:30 | – | prion |
Prion | Code injection | 22 May 200920:30 | – | prion |
Tenable Nessus | SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution | 15 May 200900:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64 | 1 Aug 201200:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 : squirrelmail (ELSA-2009-1066) | 12 Jul 201300:00 | – | nessus |
Tenable Nessus | Fedora 10 : squirrelmail-1.4.18-1.fc10 (2009-4880) | 13 May 200900:00 | – | nessus |
Tenable Nessus | openSUSE 10 Security Update : squirrelmail (squirrelmail-6242) | 14 May 200900:00 | – | nessus |
Tenable Nessus | RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:1066) | 27 May 200900:00 | – | nessus |
Tenable Nessus | CentOS 3 / 5 : squirrelmail (CESA-2009:1066) | 28 May 200900:00 | – | nessus |
Tenable Nessus | Fedora 11 : squirrelmail-1.4.18-1.fc11 (2009-4875) | 13 May 200900:00 | – | nessus |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo