1281 matches found
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
source: https://www.securityfocus.com/bid/10246/info It has been reported that SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it...
SquirrelMail chpasswd buffer overflow
Exploit for linux platform in category local exploits ===================================== SquirrelMail chpasswd buffer overflow ===================================== / 0x3142-sq-chpasswd.c Squirremail chpasswd buffer overflow. Tested on SuSE 9. The bug was found by Matias Neiff Coded by x314 c...
SquirrelMail - 'chpasswd' Local Buffer Overflow
/ 0x3142-sq-chpasswd.c Squirremail chpasswd buffer overflow. Tested on SuSE 9. The bug was found by Matias Neiff Coded by x314 c 2004 Copyright by x314. All Rights Reserved. Greets: m0s krewz. / include char shellcode= "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"...
SquirrelMail - chpasswd Local Buffer Overflow
SquirrelMail - chpasswd Local Buffer Overflow / 0x3142-sq-chpasswd.c Squirremail chpasswd buffer overflow. Tested on SuSE 9. The bug was found by Matias Neiff Coded by x314 c 2004 Copyright by x314. All Rights Reserved. Greets: m0s krewz. / include char shellcode=...
Squirrelmail chpasswd buffer overflow
Buffer overflow on oversized username...
CVE-2003-0990
The parseAddress code in 1 SquirrelMail 1.4.0 and 2 GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field...
CVE-2003-0990
The CVE-2003-0990 issue affects SquirrelMail 1.4.0 and the GPG Plugin 1.1, where the parseAddress code can be abused to execute shell commands via metacharacters in the To: field. This is a remote command-execution vulnerability exploitable via SMTP delivery (e.g., via crafted email contents) and...
CVE-2003-0990
The parseAddress code in 1 SquirrelMail 1.4.0 and 2 GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field...
[Full-Disclosure] Bugtraq Security Systems XMAS Advisory 0001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bugtraq Security Systems, Incorporated www.bugtraq.org Security Advisory Advisory Name: Command Injection Issue in Squirrelmail Release Date: 12/24/2003 Application: Squirrelmail Platform: Linux IA32 Linux sparc Linux sparc64 Linux hppa Linux ppc Linu...
SquirrelMail shell characters command execution
Uncommented shell characters in parsing To: headers in PGP plugin...
SquirrelMail Multiple Remote Vulnerabilities
The remote host is running SquirrelMail, a web-based mail server. There is a flaw in the remote installation that could allow an attacker with a valid webmail account to read, move and delete arbitrary files on this server, with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable...
SquirrelMail 1.2.11 Administrator Plugin - options.php Arbitrary Admin Account Creation
SquirrelMail 1.2.11 Administrator Plugin - options.php Arbitrary Admin Account Creation source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The...
SquirrelMail 1.2.11 - move_messages.php Arbitrary File Moving
SquirrelMail 1.2.11 - movemessages.php Arbitrary File Moving source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due t...
SquirrelMail 1.2.11 - Multiple Vulnerabilities
SquirrelMail 1.2.11 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient...
SquirrelMail 1.2.11 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization of URI parameters submitted withi...
SquirrelMail 1.2.11 - 'move_messages.php' Arbitrary File Moving
source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization of URI parameters submitted withi...
SquirrelMail 1.2.11 Administrator Plugin - 'options.php' Arbitrary Admin Account Creation
source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization of URI parameters submitted withi...
CVE-2002-0516
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie...
CVE-2002-0516
CVE-2002-0516 affects SquirrelMail 1.2.5 and earlier. Affected component: THEME cookie handling. Root cause: authenticated users can modify the THEME cookie to execute arbitrary commands. Impact is high (complete confidentiality, integrity, and availability) as per the cited report. No remediatio...
CVE-2003-0160
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser...