Elm versions 2.5 PL5 through PL7 suffer from a remotely exploitable buffer overflow when parsing the Expires header of an e-mail message. Patch Included.
a0048706263ba22986c98fc1ac407ea2c9fe958fe2e09c38222c4cd1ea0a4505Mandriva Linux Security Advisory 2012-138 - Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask. A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. The updated packages have been patched to correct this issue.
0bc07732113abfe4a4d47247e6e85dbe5ba0d3f2ba67d9ce240dd0715687d2ebMandriva Linux Security Advisory 2012-137 - Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask. A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. The updated packages have been patched to correct these issues.
bf64566f3857d8378c5f530d05dddf5ae935df9d405244ca913d69759b5cc8fbSecunia Security Advisory - Jelmer Kuperus has discovered a vulnerability in Liferay Portal, which can be exploited by malicious people to bypass certain security restrictions.
41cc8f47ed19077bdbc4f4d32bc478a4af929eb954e60d3fce8d24c661811585Debian Linux Security Advisory 2455-1 - Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.
47c42962916e4199be3819f88b30e724d5de0dc112811ab11be528a7445fd133Secunia Security Advisory - A vulnerability has been reported for the Autocomplete plugin for SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
e397971420c57dfcb65937eb79e6876354f583cf1840261561d96ae9e9c5cb79Secunia Security Advisory - Red Hat has issued an update for squirrelmail. This fixes some weaknesses and multiple vulnerabilities, which can be exploited by malicious users to disclose certain system information and conduct script insertion attacks and by malicious people to conduct script insertion and cross-site scripting attacks, bypass certain security restrictions, or cause a DoS (Denial of Service).
356f1fff2f2967acb74e37944065875839ce924d2c2c7a9c1dc5bb9b55bd607cRed Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.
040b4b10a49caa004db71999e8f7658921ee27aeb022c6727ca45cd9c27514adUbuntu Security Notice 1296-1 - Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. Various other issues were also addressed.
9d55ff9ca05a50b358fc834283a55c50bc42e1d06563824ebec60eb58df036baMandriva Linux Security Advisory 2011-123 - Multiple vulnerabilities has been discovered and corrected in squirrelmail. These range from clickjacking to cross site scripting issues. The updated packages have been upgraded to the 1.4.22 version which is not vulnerable to these issues.
33bcf8f8683ef52c64848ced235d1435a53eb7cb13cf42a1d2d0b5e5c727a517Debian Linux Security Advisory 2291-1 - Various vulnerabilities have been found in SquirrelMail, a webmail application.
bfd57caaec768d351d8f4dfd46f6825fcffeed06abe70a51896f408e20e8568bSecunia Security Advisory - Debian has issued an update for squirrelmail. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct script insertion and cross-site scripting attacks and bypass certain security restrictions.
ae8d69186a4657b1e71e08cb35d949db74f66d551ad36e4cf0fd0399d63f01fbDebian Linux Security Advisory 2283-1 - Tim Zingelmann discovered that due an incorrect configure script the kerborised FTP server failed to set the effective GID correctly, resulting in privilege escalation.
54a0abc706eb732a9dc25bd170e5de3023ee6c3006e83c57538633b71c12de24Secunia Security Advisory - Fedora has issued an update for squirrelmail. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct script insertion and cross-site scripting attacks and bypass certain security restrictions.
97495fe9e4ba648d1f5da3cdfe2f9761c76e66ccda77eae8f3ff3bdb6326f4bcPG eLMS Pro version DEC_2007_01 suffers from multiple remote blind SQL injection vulnerabilities.
f33c1f60fe48012757d4de9d5b369cbdd1b4511201f7d9fa55519f099d092a34PG eLMS Pro version DEC_2007_01 suffers from multiple POST cross site scripting vulnerabilities in contact_us.php.
3cb7f482a30aa8222e39a62050d674c0b4201c4a9b953dc76fb7e986a91915bfSecunia Security Advisory - Multiple vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct script insertion and cross-site scripting attacks and bypass certain security restrictions.
c834e90fb4f11c1a6963a1c62c42bcafac3694de4f24875a415a1d206772e6f9Secunia Security Advisory - Felix Wilhelm has reported a vulnerability in CakePHP, which can be exploited by malicious people to compromise a vulnerable system.
8a51e4a339e9bc66199f9f1c7c9af830eb535c5e740844b56e43f490baf1c74bMandriva Linux Security Advisory 2010-219 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.
9b70dec8d866610bd7ce7df037c81c52319f063903cb26ecf3ca4fd6e63ffa76Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.
4cdfd6730622b7459b8ae41be37d6808924aa067a1e95a69d2c972df23792f1fSecunia Security Advisory - Moritz Naumann has discovered a vulnerability in the Virtual Keyboard plugin for SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
6fa56ff8f40a9b53797bfff1eda50f99c4af9bfaafab82657054dbf5a9fe6bf4SquirrelMail Virtual Keyboard plugin versions 0.9.1 and suffer from a cross site scripting vulnerability.
a91bac14350627388057c184ca13072b38a66ed5a1695d547a0e23f34571df23Mandriva Linux Security Advisory 2010-158 - functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.
6c9fba4124976b0bdd310cef7966a54550356155dee580b085e917c4282f3ee0Secunia Security Advisory - Debian has issued an update for squirrelmail. This fixes a vulnerability and a weakness, which can be exploited by malicious people to conduct cross-site request forgery attacks and cause a DoS (Denial of Service).
ecb3297decf178200809bccada48d743ec589420c41dc0dbdcca40d262d24e95Secunia Security Advisory - Fedora has issued an update for squirrelmail. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
e9fb63c7a7d518cbbadc79425195347da4da470b27eb75967363eefbef032135Debian Linux Security Advisory 2091-1 - SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender.
c13d0155e8d506e4d62fbfc57b7bb70ebe54c5bd30afef96a0c7857619a5ed67
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed