Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7711
HistoryJan 30, 2005 - 12:00 a.m.

SquirrelMail Security Advisory

2005-01-3000:00:00
vulners.com
34
JSON

SquirrelMail Security Advisory

SquirrelMail 1.4.4 has been released to resolve a
number of security
issues disclosed below. It is strongly recommended
that all running
SquirrelMail prior to 1.4.4 upgrade to the latest
release.

Remote File Inclusion

Manoel Zaninetti reported an issue in src/webmail.php
which would allow a
crafted URL to include a remote web page. This was
assigned CAN-2005-0103
by the Common Vulnerabilities and Exposures.

Cross Site Scripting Issues

A possible cross site scripting issue exists in
src/webmail.php that is
only accessible when the PHP installation is running
with register_globals
set to On. This issue was uncovered internally by the
SquirrelMail
Development team. This isssue was assigned
CAN-2005-0104 by the Common
Vulnerabilities and Exposures.

A second issue which was resolved in the 1.4.4-rc1
release was uncovered
and assigned CAN-2004-1036 by the Common
Vulnerabilities and Exposures.
This issue could allow a remote user to send a
specially crafted header
and cause execution of script (such as javascript) in
the client browser.

Local File Inclusion

A possible local file inclusion issue was uncovered by
one of our
developers involving custom preference handlers. This
issue is only
active if the PHP installation is running with
register_globals set to On.

It is strongly suggested that all users running
SquirrelMail prior to
1.4.4 upgrade to the latest release. Those using a
development release,
should upgrade to the latest snapshots to ensure they
have the latest
updates for these issues. A full list of changes in
this, and previous
releases can be found here
(http://www.squirrelmail.org/changelog.php).

For further updates on security issues, details are
posted to
http://www.squirrelmail.org/security/. Any security
issues should be
emailed to [email protected].

We'd like to express thanks for those that have worked
with us on getting
security issues resolved with SquirrelMail, and hope
that people continue
to do so in such fashion, it is much appreciated.


Jonathan Angliss
SquirrelMail Development Team

Related

openvas 13
nessus 14
freebsd 1
redhat 3
gentoo 2
ubuntucve 3
cve 3
debian 4
osv 1
openvas
openvas
FreeBSD Ports: squirrelmail, ja-squirrelmail
2008-09-04 00:00:00
FreeBSD Ports: squirrelmail, ja-squirrelmail
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200501-39 (SquirrelMail)
2008-09-24 00:00:00
nessus
nessus
FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)
2005-07-13 00:00:00
RHEL 4 : squirrelmail (RHSA-2005:099)
2005-02-22 00:00:00
SquirrelMail < 1.4.4 Multiple Vulnerabilities
2005-01-24 00:00:00
freebsd
freebsd
squirrelmail -- XSS and remote code injection vulnerabilities
2005-01-29 00:00:00
redhat
redhat
(RHSA-2005:099) squirrelmail security update
2005-02-15 00:00:00
(RHSA-2005:135) squirrelmail security update
2005-02-10 00:00:00
(RHSA-2004:654) squirrelmail security update
2004-12-23 00:00:00
gentoo
gentoo
SquirrelMail: Multiple vulnerabilities
2005-01-28 00:00:00
SquirrelMail: Encoded text XSS vulnerability
2004-11-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-0104
2005-01-29 00:00:00
CVE-2005-0103
2005-01-24 00:00:00
CVE-2004-1036
2005-03-01 00:00:00
cve
cve
CVE-2005-0103
2005-01-24 05:00:00
CVE-2004-1036
2005-03-01 05:00:00
CVE-2005-0104
2005-01-29 05:00:00
debian
debian
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
2005-02-01 14:44:23
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
osv
osv
squirrelmail - several
2005-03-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:7711
openvas13nessus14freebsd1redhat3gentoo2ubuntucve3cve3debian4osv1