3 matches found
Information disclosure
eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files...
SquirrelMail软件包会话处理绕过认证漏洞
BUGTRAQ ID: 33354 CVECAN ID: CVE-2009-0030 SquirrelMail是一款PHP编写的WEBMAIL程序。 Red Hat为CVE-2008-3663所提供的修复导致SquirrelMail对所有的会话都设置了相同的SQMSESSID Cookie值,这允许通过认证的远程用户通过使用标准的webmail.php接口访问其他用户的文件夹列表和配置数据。 SquirrelMail 1.4.8 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0057-01)以及相应补丁:...
SquirrelMail 1.2.x - Theme Remote Command Execution
SquirrelMail 1.2.x - Theme Remote Command Execution source: https://www.securityfocus.com/bid/4385/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality throu...