RedHat Security Advisory RHSA-2009:1066
The remote host is missing updates announced in advisory RHSA-2009:1066. A server-side code injection flaw was found in the SquirrelMail map_yp_alias function. If SquirrelMail was configured to retrieve a user...
squirrelmail security update
CentOS Errata and Security Advisory CESA-2009:1066 An updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a...
RHEL 4 / 5 : squirrelmail (RHSA-2009:1066)
The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2009:1066 advisory. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail...
squirrelmail security update
1.4.8-5.0.1.el53.7 - Remove Redhat splash screen images 1.4.8-5.7 - fix broken patch for CVE-2009-1579 1.4.8-5.6 - fix broken patch for CVE-2009-1579 1.4.8-5.5 - don't ship patch backup files 1.4.8-5.4 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 : Server-side code...
DSA-1802-1 squirrelmail - several vulnerabilities
Bulletin has no description...
CVE-2009-1581
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted...
CVE-2009-1581
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted...
CVE-2009-1581
CVE-2009-1581 affects SquirrelMail up to version 1.4.18, where functions/mime.php fails to protect against CSS positioning in HTML email. This allows a remote attacker to spoof the user interface and can enable cross-site scripting (XSS) and phishing via a crafted message. The connected advisorie...
CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
CVE-2009-0942
CVE-2009-0942 affects Apple Mac OS X 10.4.11 and 10.5 prior to 10.5.7 where Help Viewer loads CSS references from URLs without verifying they reside in a registered help book. This can allow a remote attacker to craft a malicious help: URL that triggers AppleScript execution and arbitrary code ex...
CVE-2009-1616
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...
Cross site scripting
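Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...
Coppermine Photo Gallery css parameter cross-site scripting vulnerability
BUGTRAQ ID: 34782 Coppermine is a multi-purpose integrated web image gallery script written in PHP. The docs/showdoc.php file in Coppermine returns the user-supplied css parameter to the user without properly validating it; a remote attacker can carry out a cross-site scripting attack by submitting a malicious request, causing arbitrary HTML and script code to execute in the user's browser session. Coppermine Photo Gallery 1.4.x Coppermine ---------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...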
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS)...
CVE-2009-1035
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS)...
CVE-2009-1035
The CVE-2009-1035 entry applies to the Drupal Tasklist module (versions 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1). The vulnerability is an XSS flaw where remote authenticated users can inject arbitrary web script or HTML via Cascading Style Sheets (CSS). Impact is a user-driven XS...
Firefox 2 and 3 - Layout engine crashes
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which...
Hot concern: MS09-002 IE7 exploits the principle of analysis-vulnerability warning-the black bar safety net
Microsoft in GMT + 2, on 1 1, released MS09-002 vulnerability security update program, Ann-day lab anti-virus monitoring network found that the use of this vulnerability exploit code has been released to the Internet, if the user does not promptly install patches, then there is a vulnerability ...
Fedora Update for roundcubemail FEDORA-2008-5342
Check for the Version of roundcubemail. OpenVAS Vulnerability Test. Fedora Update for roundcubemail FEDORA-2008-5342. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...