Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.
040b4b10a49caa004db71999e8f7658921ee27aeb022c6727ca45cd9c27514ad
Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.
cf25033e1c0f7c890c4bb4bf4deec5fe01b2162ac354bd512e0fcd1426499d94
Mandriva Linux Security Advisory 2010-158 - functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.
6c9fba4124976b0bdd310cef7966a54550356155dee580b085e917c4282f3ee0
Debian Linux Security Advisory 2091-1 - SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.
c13d0155e8d506e4d62fbfc57b7bb70ebe54c5bd30afef96a0c7857619a5ed67