CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4169
https://notcve.org/view.php?id=CVE-2006-4169
15 Jul 2007 — Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. Múltiples vulnerabilidades de escalado de directorio en G/PGP (GPG) Plugin 2.0, y 2.1dev versiones anteriores a 20070614, para Squirrelmail permite a usuarios remotos autenticados incluir y ejecutar ficheros locales de su elec... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3778
https://notcve.org/view.php?id=CVE-2007-3778
15 Jul 2007 — The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. La extensión G/PGP (GPG) 2.0, y 2.1dev anterior a 12/09/2006, para Squirrelmail permite a atacantes remotos ejecutar comandos de su elección mediante meta caracteres de shell en el pará... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3634
https://notcve.org/view.php?id=CVE-2007-3634
10 Jul 2007 — Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other C... • http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3635
https://notcve.org/view.php?id=CVE-2007-3635
10 Jul 2007 — Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634. Múltiples vulnerabilidades no especificadas en el plugin G/PGP (GPG) versiones anteriores a 2.1 para Squirrelmail, podrían permitir a "local authenticated users" inyectar ciertos comandos por medio de vectores no especificados. NOTA: esto podría solaparse ... • http://osvdb.org/45789 •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 1CVE-2007-3636 – SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3636
10 Jul 2007 — Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. Múltiples vulnerabilidades no especificadas en G/PGP (GPG) Plugin 2.1 para Squirrelmail permite a atacantes remotos ejecutar comandos de su elección a través de vectores no especificados. NOTA: esta información está basada en un pre-aviso poco preciso de un invest... • https://www.exploit-db.com/exploits/30283 •
CVSS: 9.3EPSS: 9%CPEs: 1EXPL: 2CVE-2005-1924 – SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection
https://notcve.org/view.php?id=CVE-2005-1924
31 Dec 2005 — The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636. • https://www.exploit-db.com/exploits/4718 •