11 matches found
Scientific Linux Security Update : squirrelmail on SL5.x, SL4.x, SL3.x i386/x86_64
Several HTML filtering bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript leading to cross-site scripting attacks by sending an e-mail viewed by a user within SquirrelMail. CVE-2007-1262 Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail...
FreeBSD Ports: squirrelmail
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE 10 Security Update : squirrelmail (squirrelmail-3629)
This update of squirrelmail fixes two cross-site-scripting vulnerabilities that can be used by an attacker to read opened emails CVE-2007-1262 and to send email on behalf of the user CVE-2007-2589. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP -...
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2007:0358)
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML...
CentOS 3 / 4 / 5 : squirrelmail (CESA-2007:0358)
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML...
Moderate: Red Hat Security Advisory: squirrelmail security update
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML...
Moderate: squirrelmail security update
1.4.8-4.0.1.el4.0.1 - remove banners 1.4.8-4.0.1 - resolves: 239650: CVE-2007-1262 squirrelmail cross-site scripting flaw...
CVE-2007-1262
Multiple cross-site scripting XSS vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the 1 data: URI in an HTML e-mail attachment or 2 various non-ASCII character sets that are not properly filtered when viewed...
CVE-2007-1262
CVE-2007-1262 affects SquirrelMail 1.4.0–1.4.9a with multiple HTML filter XSS weaknesses: injection via the data: URI in HTML email attachments injection via improper handling of non-ASCII characters when viewed in Internet Explorer.Exploitation could allow remote script execution within the user...
CVE-2007-1262
Multiple cross-site scripting XSS vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the 1 data: URI in an HTML e-mail attachment or 2 various non-ASCII character sets that are not properly filtered when viewed...