CVE-2007-3635

Multiple unspecified vulnerabilities in the G/PGP GPG Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634...

GLSA-200708-08 : SquirrelMail G/PGP plugin: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-200708-08 SquirrelMail G/PGP plugin: Arbitrary code execution The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact : An...

Design/Logic Flaw

PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...

CVE-2007-3779

PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...

CVE-2007-3778

The G/PGP GPG Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpgchecksignpgpmime function in gpghookfunctions.php. NOTE: a parameter value can be set in the contents ...

CVE-2007-3778

The CVE describes a remote command execution vulnerability in the G/PGP (GPG) Plugin for SquirrelMail (versions 2.0 and 2.1dev before 20060912) where shell metacharacters placed in the messageSignedText were processed by gpg_check_sign_pgp_mime in gpg_hook_functions.php. The issue arises from uns...

CVE-2006-4169

Based on the provided documents, CVE-2006-4169 affects the SquirrelMail G/PGP plugin (versions 2.0 and 2.1dev before 20070614). The vulnerability stems from multiple input handling weaknesses in the G/PGP plugin that enable directory traversal to include and execute local files via the help param...

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability

SquirrelMail G/PGP Plugin gpgrecvkey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability

SquirrelMail G/PGP Plugin deleteKey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

Information disclosure

Multiple unspecified vulnerabilities in the G/PGP GPG Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher...

CVE-2007-3636

Multiple unspecified vulnerabilities in the G/PGP GPG Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher...