Design/Logic Flaw
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this...
PT-2009-2743 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail version 1.4.8
Description: The issue allows remote authenticated users to access other users' folder lists and configuration data under certain circumstances by using the standard webmail.php interface. This occurs because a Red...
Fedora Core 5 : squirrelmail-1.4.8-3.fc5 (2007-088)
http://squirrelmail.org/security/issue/2006-12-02 CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing http://squirrelmail.org/security/issue/2006-12-03 Workaround for Internet Explorer MIME handling Note that Tenable Network Security has extracted the preceding description...
Fedora Core 6 : squirrelmail-1.4.8-3.fc6 (2007-089)
http://squirrelmail.org/security/issue/2006-12-02 CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing http://squirrelmail.org/security/issue/2006-12-03 Workaround for Internet Explorer MIME handling Note that Tenable Network Security has extracted the preceding description...