11 matches found
Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2009-2964 squirrelmail: CSRF issues in all forms. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject...
CentOS Update for squirrelmail CESA-2009:1490 centos3 i386
Check for the Version of squirrelmail. OpenVAS Vulnerability Test. CentOS Update for squirrelmail CESA-2009:1490 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
[SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery
------------------------------------------------------------------------ Debian Security Advisory DSA-2091-1 [email protected] http://www.debian.org/security/ Luciano Bello August 12, 2010 http://www.debian.org/security/faq -...
Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4. Mac OS X 10.6.4 contains security fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - Help Viewer - iChat - ImageIO - Kerberos - Kernel - libcurl - Network...
CentOS Security Advisory CESA-2009:1490 (squirrelmail)
The remote host is missing updates to squirrelmail announced in advisory CESA-2009:1490. CESA-2009:1490 65756 4 $Id: ovcesa20091490.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:1490 squirrelmail. Authors: Thomas Reinke. Copyright: Copyright (c) 2009...
CentOS Security Advisory CESA-2009:1490 (squirrelmail)
The remote host is missing updates to squirrelmail announced in advisory CESA-2009:1490. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
[ MDVSA-2009:222 ] squirrelmail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:222 http://www.mandriva.com/security/ Package : squirrelmail Date : August 28, 2009 Affected: Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in...
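SquirrelMail Multiple Form Cross-Site Request Forgery Vulnerabilities
CVECAN ID: CVE-2009-2964 SquirrelMail is a webmail program written in PHP. SquirrelMail does not properly filter the content that users submit to multiple forms (sending messages, changing preferences, and so on), so a remote attacker can use a cross-site request forgery attack to perform actions such as deleting and sending mail. The following pages are affected: functions/mailboxdisplay.php src/addrbooksearchhtml.php src/addressbook.php src/compose.php src/folders.php src/folderscreate.php src/foldersdelete.php...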
CVE-2009-2964
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailboxdisplay.php, (2)...
Fedora 11 : squirrelmail-1.4.19-2.fc11 (2009-8822)
Implemented page referral verification mechanism. Secunia Advisory SA34627 - Implemented security token system. Secunia Advisory SA34627 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 10 : squirrelmail-1.4.19-2.fc10 (2009-8797)
Implemented page referral verification mechanism. Secunia Advisory SA34627 - Implemented security token system. Secunia Advisory SA34627 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...