EUVD-2005-0240

Malware in sbrugna...

SquirrelMail vulnerable to command injection because of flawed input checking in S/MIME plug-in

Overview SquirrelMail contains a flaw in its S/MIME plug-in certificate handling routines which may allow arbitrary code to be remotely executed. Description From the SquirrelMail web page:SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for...

iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability

SquirrelMail S/MIME Plugin Command Injection Vulnerability iDEFENSE Security Advisory 02.07.05 www.idefense.com/application/poi/display?id=191&type=vulnerabilities February 07, 2005 I. BACKGROUND Squirrelmail S/MIME plugin enables the viewing of S/MIME-signed messages of the MIME "multipart/signe...

CVE-2005-0239

The CVE-2005-0239 vulnerability affects the S/MIME plug‑in for SquirrelMail (versions 0.4 and 0.5). The flaw arises from inadequate sanitization of the cert parameter in viewcert.php, allowing remote attackers to construct shell metacharacters and execute arbitrary commands on the web server. Imp...