CVE: CVE-2006-4019

Descrizione: Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Vettore di attacco

Riferimenti esterni

• http://secunia.com/advisories/21586
• https://issues.rpath.com/browse/RPL-577
• http://www.vupen.com/english/advisories/2007/2732
• http://www.debian.org/security/2006/dsa-1154
• http://secunia.com/advisories/21354
• http://secunia.com/advisories/22487
• http://securitytracker.com/id?1016689
• http://www.novell.com/linux/security/advisories/2006_23_sr.html
• http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
• http://www.vupen.com/english/advisories/2006/3271
• http://secunia.com/advisories/21444
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
• http://secunia.com/advisories/22080
• http://attrition.org/pipermail/vim/2006-August/000970.html
• http://www.securityfocus.com/bid/19486
• http://www.redhat.com/support/errata/RHSA-2006-0668.html
• http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
• http://www.squirrelmail.org/security/issue/2006-08-11
• http://secunia.com/advisories/22104
• http://www.securityfocus.com/archive/1/442993/100/0/threaded
• http://www.securityfocus.com/archive/1/442980/100/0/threaded
• http://marc.info/?l=full-disclosure&m=115532449024178&w=2
• http://www.osvdb.org/27917
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
• http://docs.info.apple.com/article.html?artnum=306172
• http://www.securityfocus.com/bid/25159
• ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
• http://secunia.com/advisories/26235

Prodotti interessati

• n/a – n/a

Relazioni con altri prodotti

Nessun prodotto trovato per il CVE: cve-2006-4019