what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2010-2813

Status Candidate

Overview

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.

Related Files

Red Hat Security Advisory 2012-0103-01
Posted Feb 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.

tags | advisory, remote, web, arbitrary, php, xss
systems | linux, redhat
advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-2023, CVE-2011-2752, CVE-2011-2753
MD5 | 9446f18bb80aba02d2ea7a955548017a
Apple Security Advisory 2012-02-01-1
Posted Feb 3, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-0200, CVE-2011-0241, CVE-2011-1148, CVE-2011-1167, CVE-2011-1657, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1938, CVE-2011-2023, CVE-2011-2192, CVE-2011-2202, CVE-2011-2204, CVE-2011-2483, CVE-2011-2895, CVE-2011-2937, CVE-2011-3182, CVE-2011-3189, CVE-2011-3246, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3252, CVE-2011-3256
MD5 | 8fe868bea54053b8adeccaecf10eb251
Mandriva Linux Security Advisory 2010-158
Posted Aug 24, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-158 - functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.

tags | advisory, remote, denial of service, php, imap
systems | linux, mandriva
advisories | CVE-2010-2813
MD5 | 448ed7cf62098bf570f69c0304412867
Debian Linux Security Advisory 2091-1
Posted Aug 13, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2091-1 - SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.

tags | advisory, remote, csrf
systems | linux, debian
advisories | CVE-2009-2964, CVE-2010-2813
MD5 | de37afcdc8b538ecf5765798b0a78600
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    34 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close