CVE-2006-0377

Related Files

Gentoo Linux Security Advisory 200603-9

Posted Mar 13, 2006

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200603-09 - SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting. Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting. Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection. Versions less than 1.4.6 are affected.

tags | advisory, php, imap, xss

systems | linux, gentoo

advisories | CVE-2006-0188, CVE-2006-0195, CVE-2006-0377

SHA-256 | effed19ca1e9f98b10b94fcf1e8a084c0d7eba2068bed2c586d1832ff2907aa7

Download | Favorite | View

SquirrelFlaws.txt

Posted Mar 2, 2006

Authored by Vicente Aguilera Diaz

SquirrelMail versions 1.4.5 and below suffer from an IMAP injection flaw. Versions 1.2.7 and below suffer from a SMTP injection flaw. Details provided.

tags | exploit, imap

advisories | CVE-2006-0377

SHA-256 | 14cc0b04e833bc5ee62ab6fe916d63fc4a302e2b75777de081e7a43462ff2d3f

Download | Favorite | View