Page 6 of 65 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 66EXPL: 0

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail anteriores a la v1.4.17 permitiría a atacantes remotos inyectar secuencia de código web o HTML a su elección a través de un hiperenlace manipulado en la parte HTML de un mensaje de correo electrónico. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://secunia.com/advisories/32143 http://secunia.com/advisories/33054 http://secunia.com/advisories/33071 http://secunia.com/advisories/33937 http://security-net.biz/wsw/index.php?p=254&n=190 http://support.apple.com/kb/HT3438 http://www.debian.org/security/2008/dsa-1682 http://www.securityfocus.com/bid/32603 http://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Squirrelmail 1.4.15 no establece la bandera de seguridad para la cookie de sesión en una sesión https, lo que podría provocar que la cookie pudiera ser enviada en peticiones http y facilitar a atacantes remotos capturar esta cookie. • http://int21.de/cve/CVE-2008-3663-squirrelmail.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/33937 http://securityreason.com/securityalert/4304 http://support.apple.com/kb/HT3438 http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html http://www.securityfocus.c • CWE-310: Cryptographic Issues •

CVSS: 6.8EPSS: 9%CPEs: 2EXPL: 0

SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. SquirrelMail versiones 1.4.11 y 1.4.12, distribuidas en sourceforge.net versiones anteriores a 20071213, se han modificado externamente para crear un Caballo de Troya que introduce una vulnerabilidad de inclusión remota de archivos PHP, que permite a los atacantes remotos ejecutar código arbitrario. • http://marc.info/?l=bugtraq&m=119765643909825&w=2 http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2 http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2 http://osvdb.org/42633 http://secunia.com/advisories/28095 http://www.securityfocus.com/archive/1/485037/100/0/threaded http://www.squirrelmail.org/index.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. Una vulnerabilidad no especificada en el plugin G/PGP (GPG) versión 2.0 para Squirrelmail versión 1.4.10a, permite a usuarios autenticados remotoss ejecutar comandos arbitrarios por medio de vectores no especificados, posiblemente relacionados con la variable passphrase en la función gpg_sign_attachment, también se conoce como ZD-0000000004. Esta información está basada en un aviso vago de una organización de ventas de información sobre vulnerabilidades que no coordina con los proveedores o publica avisos procesables. • http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html http://osvdb.org/45788 http://www.attrition.org/pipermail/vim/2007-July/001703.html http://www.securityfocus.com/bid/24782 http://www.wslabi.com/wabisabilabi/initPublishedBid.do? •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634. Múltiples vulnerabilidades no especificadas en el plugin G/PGP (GPG) versiones anteriores a 2.1 para Squirrelmail, podrían permitir a "local authenticated users" inyectar ciertos comandos por medio de vectores no especificados. NOTA: esto podría solaparse con CVE-2005-1924, CVE-2006-4169 o CVE-2007-3634. • http://osvdb.org/45789 http://www.attrition.org/pipermail/vim/2007-July/001703.html http://www.squirrelmail.org/plugin_view.php?id=153 •