CVE-2007-3779
https://notcve.org/view.php?id=CVE-2007-3779
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. Vulnerabilidad de inclusión remota de archivo en PHP en el gpg_pop_init.php en la extensión G/PGP (GPG) anterior al 20070707 para el Squirrelmail permite a atacantes remotos incluir y ejecutar ficheros locales de su elección, relacionado con el parámetro MOD. • http://osvdb.org/37930 http://www.attrition.org/pipermail/vim/2007-July/001703.html http://www.braverock.com/gpg/cvs/viewcvs.cgi/gpg/gpg_pop_init.php.diff?r1=1.14&r2=1.15 http://www.braverock.com/gpg/statcvs/commit_log.html •
CVE-2007-3778
https://notcve.org/view.php?id=CVE-2007-3778
The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. La extensión G/PGP (GPG) 2.0, y 2.1dev anterior a 12/09/2006, para Squirrelmail permite a atacantes remotos ejecutar comandos de su elección mediante meta caracteres de shell en el parámetro messageSignedText a la función gpg_check_sign_pgp_mime de gpg_hook_functions.php. NOTA: un valor del parámetro puede ser usado para establecer los contenidos de un mensaje de correo electrónico. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html http://lists.immunitysec.com/pipermail/dailydave/2007-July/004456.html http://osvdb.org/37931 http://secunia.com/advisories/26035 http://www.attrition.org/pipermail/vim/2007-July/001704.html http://www.attrition.org/pipermail/vim/2007-July/001710.html http://www.securityfocus.com/bid/24874 http://www.vupen.com/english/advisories/2007/2513 https •
CVE-2006-4169
https://notcve.org/view.php?id=CVE-2006-4169
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. Múltiples vulnerabilidades de escalado de directorio en G/PGP (GPG) Plugin 2.0, y 2.1dev versiones anteriores a 20070614, para Squirrelmail permite a usuarios remotos autenticados incluir y ejecutar ficheros locales de su elección mediante un .. (punto punto) en el parámetro help en (1) gpg_help.php ó (2) gpg_help_base.php. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555 http://osvdb.org/37932 http://osvdb.org/37933 http://secunia.com/advisories/26035 http://secunia.com/advisories/26424 http://security.gentoo.org/glsa/glsa-200708-08.xml http://www.securityfocus.com/bid/24874 http://www.vupen.com/english/advisories/2007/2513 https://exchange.xforce.ibmcloud.com/vulnerabilities/35362 •
CVE-2005-1924 – SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection
https://notcve.org/view.php?id=CVE-2005-1924
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636. • https://www.exploit-db.com/exploits/4718 https://www.exploit-db.com/exploits/4173 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331 http://osvdb.org/37923 http://osvdb.org/37924 http://secunia.com/advisories/26035 http://secunia.com/advisories/26424 http://security.gentoo.org/glsa/glsa-200708-08.xml http://www.attrition.org/pipermail/vim/2007-July/001710.html http://www.securit •