CVE-2018-8741
https://notcve.org/view.php?id=CVE-2018-8741
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
• http://www.openwall.com/lists/oss-security/2018/03/17/2
• http://www.securitytracker.com/id/1040554
• https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e
• https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18
• https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-7692 – SquirrelMail < 1.4.22 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-7692
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It is possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the initStream function of Deliver_SendMail.class.php, which uses escapeshellcmd() to sanitize the sendmail command before executing it. escapeshellcmd() is not correct in this case because it does not escape whitespace, allowing the injection of arbitrary command parameters. The injection point is -f$envelopefrom within the sendmail command line.
• https://www.exploit-db.com/exploits/41910
• http://openwall.com/lists/oss-security/2017/04/19/6
• http://openwall.com/lists/oss-security/2017/04/27/1
• http://www.debian.org/security/2017/dsa-3852
• http://www.securityfocus.com/bid/98067
• http://www.securitytracker.com/id/1038312
• https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
• https://security.gentoo.org/glsa/201709-13
• CWE-20: Improper Input Validation
CVE-2012-2124 – squirrelmail: not fixed in RHSA-2012:0103
https://notcve.org/view.php?id=CVE-2012-2124
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
• http://rhn.redhat.com/errata/RHSA-2013-0126.html
• http://secunia.com/advisories/51730
• http://www.openwall.com/lists/oss-security/2012/04/20/22
• https://bugzilla.redhat.com/show_bug.cgi?id=814671
• https://access.redhat.com/security/cve/CVE-2012-2124
• CWE-399: Resource Management Errors
CVE-2012-0323
https://notcve.org/view.php?id=CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://jvn.jp/en/jp/JVN56653852/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021
• http://squirrelmail.org/plugin_view.php?id=32
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2752 – SquirrelMail: CRLF injection vulnerability
https://notcve.org/view.php?id=CVE-2011-2752
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
• http://rhn.redhat.com/errata/RHSA-2012-0103.html
• http://www.debian.org/security/2011/dsa-2291
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
• http://www.squirrelmail.org/security/issue/2011-07-11
• https://exchange.xforce.ibmcloud.com/vulnerabilities/68587
• https://access.redhat.com/security/cve/CVE-2011-2752
• https://bugzilla.redhat.com/show_bug.cgi?id=722831
• CWE-94: Improper Control of Generation of Code ('Code Injection')