CVE-2010-2813

Related Files

Red Hat Security Advisory 2012-0103-01

Posted Feb 8, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.

tags | advisory, remote, web, arbitrary, php, xss

systems | linux, redhat

advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-2023, CVE-2011-2752, CVE-2011-2753

SHA-256 | 040b4b10a49caa004db71999e8f7658921ee27aeb022c6727ca45cd9c27514ad

Download | Favorite | View

Apple Security Advisory 2012-02-01-1

Posted Feb 3, 2012

Authored by Apple | Site apple.com

Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.

tags | advisory, vulnerability

systems | apple

advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-0200, CVE-2011-0241, CVE-2011-1148, CVE-2011-1167, CVE-2011-1657, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1938, CVE-2011-2023, CVE-2011-2192, CVE-2011-2202, CVE-2011-2204, CVE-2011-2483, CVE-2011-2895, CVE-2011-2937, CVE-2011-3182, CVE-2011-3189, CVE-2011-3246, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3252, CVE-2011-3256

SHA-256 | cf25033e1c0f7c890c4bb4bf4deec5fe01b2162ac354bd512e0fcd1426499d94

Download | Favorite | View

Mandriva Linux Security Advisory 2010-158

Posted Aug 24, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-158 - functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.

tags | advisory, remote, denial of service, php, imap

systems | linux, mandriva

advisories | CVE-2010-2813

SHA-256 | 6c9fba4124976b0bdd310cef7966a54550356155dee580b085e917c4282f3ee0

Download | Favorite | View

Debian Linux Security Advisory 2091-1

Posted Aug 13, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2091-1 - SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.

tags | advisory, remote, csrf

systems | linux, debian

advisories | CVE-2009-2964, CVE-2010-2813

SHA-256 | c13d0155e8d506e4d62fbfc57b7bb70ebe54c5bd30afef96a0c7857619a5ed67

Download | Favorite | View