24 matches found
EUVD-2019-17728
Malware in sbrugna...
Fedora 38 : rust-capnp / rust-sequoia-octopus-librnp (2022-15c504b6eb)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-15c504b6eb advisory. Update the capnp crate to version 0.14.11 to address CVE-2022-46149 / RUSTSEC-2022-0068. This update also includes a rebuild of the only affected application...
Fedora 37 : rust-capnp / rust-sequoia-octopus-librnp (2022-7002ec8b22)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-7002ec8b22 advisory. Update the capnp crate to version 0.14.11 to address CVE-2022-46149 / RUSTSEC-2022-0068. This update also includes a rebuild of the only affected application...
GHSA-HHR2-F668-FF2W Use of a weak cryptographic algorithm in Gradle
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...
CVE-2019-8338
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 9 and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...
CVE-2007-3635
Multiple unspecified vulnerabilities in the G/PGP GPG Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634...
Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)
SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...
openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)
Claws Mail was updated to version 3.11.0. Changes : + SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability CVE-2014-3566. + Several PGP/Core plugin improvements : - Indicate when a key has been revoked or has expired when displaying signature status. - Whe...
End-to-End Encryption for Yahoo Mail Coming Next Year
Today at Black Hat 2014 hacking conference, Yahoo! Chief Information Security Officer Alex Stamos announced that the company will start giving its consumers the option of end-to-end encryption in its Mail service by next year. Google showed off a PGP-based encryption plugin for Gmail back in June...
SquirrelMail PGP Plugin - Command Execution (SMTP) (Metasploit)
$Id: squirrelmailpgpplugin.rb 10148 2010-08-25 20:31:46Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
SquirrelMail PGP Plugin Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'SquirrelMail...
GLSA-200708-08 : SquirrelMail G/PGP plugin: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-200708-08 SquirrelMail G/PGP plugin: Arbitrary code execution The functions deletekey, gpgchecksignpgpmime and gpgrecvkey used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Impact : An...
CVE-2007-3778
The G/PGP GPG Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents ...
Design/Logic Flaw
PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...
CVE-2007-3779
PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...
CVE-2006-4169
Based on the provided documents, CVE-2006-4169 affects the SquirrelMail G/PGP plugin (versions 2.0 and 2.1dev before 20070614). The vulnerability stems from multiple input handling weaknesses in the G/PGP plugin that enable directory traversal to include and execute local files via the help param...
CVE-2007-3778
The CVE describes a remote command execution vulnerability in the G/PGP (GPG) Plugin for SquirrelMail (versions 2.0 and 2.1dev before 20060912) where shell metacharacters placed in the messageSignedText were processed by gpg_check_sign_pgp_mime in gpg_hook_functions.php. The issue arises from uns...
SquirrelMail PGP plugin unfiltered shell characters
Unfiltered shell characters on external application invocation in fpr parameter of keyringmain.php script and in different places...
iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability
SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encryption Plugin is a general purpose encryption, decryption, and digital signature...