Lucene search
K
SquirrelmailGpg Plugin

7 matches found

CVE
CVE
added 2007/07/15 10:0 p.m.60 views

CVE-2005-1924

The CVE-2005-1924 issue affects the G/PGP plugin for SquirrelMail (2.1 and earlier). It allows an authenticated remote user to execute arbitrary commands by injecting shell metacharacters in the fpr parameter to deleteKey (via gpg_keyring.php called by import_key_file.php, import_key_text.php, an...

9.3CVSS7.1AI score0.10263EPSS
CVE
CVE
added 2007/07/10 12:0 a.m.59 views

CVE-2007-3636

CVE-2007-3636 involves the G/PGP (GPG) Plugin 2.1 for Squirrelmail with multiple vulnerabilities that enable remote command execution. Publicly available records describe exploitation via unspecified vectors, as noted in both NVD and Red Hat entries. A related historical detail (CVE-2005-1924) sp...

7.5CVSS7.4AI score0.03077EPSS
CVE
CVE
added 2007/07/15 10:0 p.m.58 views

CVE-2006-4169

Based on the provided documents, CVE-2006-4169 affects the SquirrelMail G/PGP plugin (versions 2.0 and 2.1dev before 20070614). The vulnerability stems from multiple input handling weaknesses in the G/PGP plugin that enable directory traversal to include and execute local files via the help param...

5.5CVSS6.8AI score0.01617EPSS
CVE
CVE
added 2007/07/10 12:0 a.m.55 views

CVE-2007-3634

CVE-2007-3634 concerns the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a. A remote authenticated attacker could execute arbitrary commands via an unspecified vector, with potential ties to the passphrase variable in the gpg_sign_attachment function. The available documents do not provide a conc...

6.5CVSS6.9AI score0.01617EPSS
CVE
CVE
added 2007/07/10 12:0 a.m.51 views

CVE-2007-3635

The CVE-2007-3635 entry details a vulnerability in the SquirrelMail G/PGP plugin prior to version 2.1. The root cause is improper escaping of user-supplied data in functions such as deletekey(), gpg_check_sign_pgp_mime(), and gpg_recv_key(), allowing a local authenticated user to inject commands....

4.3CVSS6.5AI score0.00262EPSS
CVE
CVE
added 2007/07/15 10:0 p.m.41 views

CVE-2007-3778

The CVE describes a remote command execution vulnerability in the G/PGP (GPG) Plugin for SquirrelMail (versions 2.0 and 2.1dev before 20060912) where shell metacharacters placed in the messageSignedText were processed by gpg_check_sign_pgp_mime in gpg_hook_functions.php. The issue arises from uns...

7.5CVSS7.6AI score0.02667EPSS
CVE
CVE
added 2007/07/15 10:0 p.m.40 views

CVE-2007-3779

The CVE-2007-3779 entry concerns a local file inclusion vulnerability in the G/PGP (GPG) Plugin for Squirrelmail, specifically in gpg_pop_init.php prior to 20070707. The flaw, related to the MOD parameter, allows remote attackers to include and execute arbitrary local files. This is the explicit ...

4.3CVSS7.3AI score0.01192EPSS