CVE-2005-0104

Related Files

Debian Linux Security Advisory 662-2

Posted Mar 17, 2005

Authored by Debian | Site debian.org

Debian Security Advisory 662-2 - Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout.

tags | advisory

systems | linux, debian

advisories | CVE-2005-0104, CVE-2005-0152

SHA-256 | 30570cad6d9a79ce284b36f9cf85e7b18ef089817e6634baac61546c0fb4cb6e

Download | Favorite | View

dsa-662.txt

Posted Feb 2, 2005

Site debian.org

Debian Security Advisory 662-1 - Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Upstream developers noticed that an unsanitized variable could lead to cross site scripting. Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail.

tags | advisory, arbitrary, vulnerability, xss

systems | linux, debian

advisories | CVE-2005-0104, CVE-2005-0152

SHA-256 | 2f1b470ff1e1b6b6d1992aa09267ff6a4ccd36243f44f033382e76d37b0a7dff

Download | Favorite | View

squirrelInclusion.txt

Posted Jan 30, 2005

Authored by Jonathan Angliss | Site squirrelmail.org

SquirrelMail Security Advisory - SquirrelMail 1.4.4 has been released to resolve a number of security issues. Manoel Zaninetti reported an issue in src/webmail.php which would allow a crafted URL to include a remote web page. A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On.

tags | advisory, remote, web, php, xss

advisories | CVE-2005-0104, CVE-2005-0103

SHA-256 | 5773619867fb37cf0ce9656875f5125f481bb03dec469652efec6634f72bd105

Download | Favorite | View