CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3778
https://notcve.org/view.php?id=CVE-2007-3778
The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. La extensión G/PGP (GPG) 2.0, y 2.1dev anterior a 12/09/2006, para Squirrelmail permite a atacantes remotos ejecutar comandos de su elección mediante meta caracteres de shell en el parámetro messageSignedText a la función gpg_check_sign_pgp_mime de gpg_hook_functions.php. NOTA: un valor del parámetro puede ser usado para establecer los contenidos de un mensaje de correo electrónico. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html http://lists.immunitysec.com/pipermail/dailydave/2007-July/004456.html http://osvdb.org/37931 http://secunia.com/advisories/26035 http://www.attrition.org/pipermail/vim/2007-July/001704.html http://www.attrition.org/pipermail/vim/2007-July/001710.html http://www.securityfocus.com/bid/24874 http://www.vupen.com/english/advisories/2007/2513 https •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3779
https://notcve.org/view.php?id=CVE-2007-3779
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. Vulnerabilidad de inclusión remota de archivo en PHP en el gpg_pop_init.php en la extensión G/PGP (GPG) anterior al 20070707 para el Squirrelmail permite a atacantes remotos incluir y ejecutar ficheros locales de su elección, relacionado con el parámetro MOD. • http://osvdb.org/37930 http://www.attrition.org/pipermail/vim/2007-July/001703.html http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15 http://www.braverock.com/gpg/statcvs/commit_log.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4169
https://notcve.org/view.php?id=CVE-2006-4169
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. Múltiples vulnerabilidades de escalado de directorio en G/PGP (GPG) Plugin 2.0, y 2.1dev versiones anteriores a 20070614, para Squirrelmail permite a usuarios remotos autenticados incluir y ejecutar ficheros locales de su elección mediante un .. (punto punto) en el parámetro help en (1) gpg_help.php ó (2) gpg_help_base.php. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555 http://osvdb.org/37932 http://osvdb.org/37933 http://secunia.com/advisories/26035 http://secunia.com/advisories/26424 http://security.gentoo.org/glsa/glsa-200708-08.xml http://www.securityfocus.com/bid/24874 http://www.vupen.com/english/advisories/2007/2513 https://exchange.xforce.ibmcloud.com/vulnerabilities/35362 •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 1CVE-2007-3636 – SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3636
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. Múltiples vulnerabilidades no especificadas en G/PGP (GPG) Plugin 2.1 para Squirrelmail permite a atacantes remotos ejecutar comandos de su elección a través de vectores no especificados. NOTA: esta información está basada en un pre-aviso poco preciso de un investigador creible. • https://www.exploit-db.com/exploits/30283 http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html http://osvdb.org/45790 http://www.attrition.org/pipermail/vim/2007-July/001703.html http://www.securityfocus.com/bid/24828 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3635
https://notcve.org/view.php?id=CVE-2007-3635
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634. Múltiples vulnerabilidades no especificadas en el plugin G/PGP (GPG) versiones anteriores a 2.1 para Squirrelmail, podrían permitir a "local authenticated users" inyectar ciertos comandos por medio de vectores no especificados. NOTA: esto podría solaparse con CVE-2005-1924, CVE-2006-4169 o CVE-2007-3634. • http://osvdb.org/45789 http://www.attrition.org/pipermail/vim/2007-July/001703.html http://www.squirrelmail.org/plugin_view.php?id=153 •