7 matches found
CVE-2005-1924
The CVE-2005-1924 issue affects the G/PGP plugin for SquirrelMail (2.1 and earlier). It allows an authenticated remote user to execute arbitrary commands by injecting shell metacharacters in the fpr parameter to deleteKey (via gpg_keyring.php called by import_key_file.php, import_key_text.php, an...
CVE-2007-3636
CVE-2007-3636 involves the G/PGP (GPG) Plugin 2.1 for Squirrelmail with multiple vulnerabilities that enable remote command execution. Publicly available records describe exploitation via unspecified vectors, as noted in both NVD and Red Hat entries. A related historical detail (CVE-2005-1924) sp...
CVE-2006-4169
Based on the provided documents, CVE-2006-4169 affects the SquirrelMail G/PGP plugin (versions 2.0 and 2.1dev before 20070614). The vulnerability stems from multiple input handling weaknesses in the G/PGP plugin that enable directory traversal to include and execute local files via the help param...
CVE-2007-3634
CVE-2007-3634 concerns the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a. A remote authenticated attacker could execute arbitrary commands via an unspecified vector, with potential ties to the passphrase variable in the gpg_sign_attachment function. The available documents do not provide a conc...
CVE-2007-3635
The CVE-2007-3635 entry details a vulnerability in the SquirrelMail G/PGP plugin prior to version 2.1. The root cause is improper escaping of user-supplied data in functions such as deletekey(), gpg_check_sign_pgp_mime(), and gpg_recv_key(), allowing a local authenticated user to inject commands....
CVE-2007-3778
The CVE describes a remote command execution vulnerability in the G/PGP (GPG) Plugin for SquirrelMail (versions 2.0 and 2.1dev before 20060912) where shell metacharacters placed in the messageSignedText were processed by gpg_check_sign_pgp_mime in gpg_hook_functions.php. The issue arises from uns...
CVE-2007-3779
The CVE-2007-3779 entry concerns a local file inclusion vulnerability in the G/PGP (GPG) Plugin for Squirrelmail, specifically in gpg_pop_init.php prior to 20070707. The flaw, related to the MOD parameter, allows remote attackers to include and execute arbitrary local files. This is the explicit ...