10 matches found
Squirrelmail <=1.4.6 - Local File Inclusion
SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if registerglobals is enabled and magicquotesgpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. id:...
openSUSE 10 Security Update : squirrelmail (squirrelmail-1837)
This update fixes a local file inclusion problem in the squirrelmail webmail frontend. The issue is tracked by the Mitre CVE ID CVE-2006-2842. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP -...
RHEL 3 / 4 : squirrelmail (RHSA-2006:0547)
An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found ...
squirrelmail security update
CentOS Errata and Security Advisory CESA-2006:0547 An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package writt...
Moderate: Red Hat Security Advisory: squirrelmail security update
An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found ...
CVE-2006-2842
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by...
CVE-2006-2842
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by...
CVE-2006-2842
Summary: CVE-2006-2842 affects SquirrelMail 1.4.6 and earlier, with a PHP local/file inclusion vulnerability in functions/plugin.php when register_globals is enabled and magic_quotes_gpc is disabled. An attacker can induce LFI by supplying a URL in the plugins array parameter, potentially allowin...
SquirrelMail plugin.php plugins Parameter Local File Inclusion
The version of SquirrelMail installed on the remote web server fails to properly sanitize user-supplied input to the 'plugins' parameter of the 'functions/plugin.php' script before using it in a PHP 'includeonce' function. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated...