31 matches found
CVE-2007-3635
Multiple unspecified vulnerabilities in the G/PGP GPG Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634...
CVE-2007-3636
Multiple unspecified vulnerabilities in the G/PGP GPG Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher...
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 Access Validation And Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26788/info The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability. Attackers can exploit these issues to inject arbitrary script code into public...
SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24828/info Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. These issues occur because the application fails to sufficiently sanitize...
SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
No description provided by source. !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 =...
SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
Exploit for unknown platform in category web applications =============================================================== SquirrelMail G/PGP Plugin deletekey Command Injection Exploit =============================================================== !/usr/local/bin/ruby puts"http://backdoored.net\n...
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
source: https://www.securityfocus.com/bid/26788/info The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability. Attackers can exploit these issues to inject arbitrary script code into public key data or to delete and overwrit...
GLSA-200708-08 : SquirrelMail G/PGP plugin: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-200708-08 SquirrelMail G/PGP plugin: Arbitrary code execution The functions deletekey, gpg_check_sign_pgp_mime and gpg_recv_key used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact : An...
SquirrelMail G/PGP plugin: Arbitrary code execution
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description The functions deletekey, gpg_check_sign_pgp_mime and gpg_recv_key used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact An authenticated user could...
CVE-2007-3778
The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents ...
Design/Logic Flaw
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...
CVE-2007-3779
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...
CVE-2006-4169
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php...
CVE-2005-1924
The CVE-2005-1924 issue affects the G/PGP plugin for SquirrelMail (2.1 and earlier). It allows an authenticated remote user to execute arbitrary commands by injecting shell metacharacters in the fpr parameter to deleteKey (via gpg_keyring.php called by import_key_file.php, import_key_text.php, an...
CVE-2006-4169
Based on the provided documents, CVE-2006-4169 affects the SquirrelMail G/PGP plugin (versions 2.0 and 2.1dev before 20070614). The vulnerability stems from multiple input handling weaknesses in the G/PGP plugin that enable directory traversal to include and execute local files via the help param...
CVE-2007-3778
The CVE describes a remote command execution vulnerability in the G/PGP (GPG) Plugin for SquirrelMail (versions 2.0 and 2.1dev before 20060912) where shell metacharacters placed in the messageSignedText were processed by gpg_check_sign_pgp_mime in gpg_hook_functions.php. The issue arises from uns...
iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability
SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encryption Plugin is a general purpose encryption, decryption, and digital...
squirrel-exec.txt
SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t cat /tmp/w00t cat: /tmp/w00t: No...
iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability
SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encryption Plugin is a general purpose encryption, decryption, and digital...
iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability
SquirrelMail G/PGP Plugin deleteKey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encryption Plugin is a general purpose encryption, decryption, and digital signature...