Gentoo Linux Security Advisory GLSA 200708-08 - The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key() used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Versions less than 1.4.10a-r2 are affected.
9d078d0dc028f915969339c60ba23959b7a1782720672d619014f929d54005e0iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_recv_key() function is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.
623fb7212497064369a3382096eb045adef0b7054957761e87ecbb918b982ef4iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The deleteKey() functionality is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.
43d1374bb1007f95f5034258701359c58204a59a8e93b7fd871ca1983f6a250c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed