10 matches found
Scientific Linux Security Update : squirrelmail on SL5.x, SL4.x, SL3.x i386/x86_64
Several HTML filtering bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript leading to cross-site scripting attacks by sending an e-mail viewed by a user within SquirrelMail (CVE-2007-1262). SquirrelMail did not sufficiently check arguments to IMG tags in HTML e-mail...
openSUSE 10 Security Update : squirrelmail (squirrelmail-3629)
This update of squirrelmail fixes two cross-site-scripting vulnerabilities that can be used by an attacker to read opened emails (CVE-2007-1262) and to send email on behalf of the user (CVE-2007-2589).
Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP -...
RHEL 3 / 4 / 5 : squirrelmail (RHSA-2007:0358)
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML...
CentOS 3 / 4 / 5 : squirrelmail (CESA-2007:0358)
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML...
Moderate: Red Hat Security Advisory: squirrelmail security update
A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Several HTML...
CVE-2007-2589
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...
CVE-2007-2589
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...
CVE-2007-2589
CVE-2007-2589: A CSRF vulnerability in SquirrelMail 1.4.0–1.4.9a (compose.php) lets an attacker induce actions (sending mail) from an arbitrary user via data in an IMG SRC attribute. This is described across multiple advisories (RHSA-2007:0358, CentOS/RHSA backport, openSUSE/SUSE ESP). The CVSS ...
CVE-2007-2589
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...