CVE-2005-2095

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
References
Link Resource
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://www.debian.org/security/2005/dsa-756 Patch Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00090-07142005
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-595.html
http://www.securityfocus.com/archive/1/405200
http://www.securityfocus.com/archive/1/405202
http://www.securityfocus.com/bid/14254
http://www.squirrelmail.org/security/issue/2005-07-13
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
https://exchange.xforce.ibmcloud.com/vulnerabilities/21359
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://www.debian.org/security/2005/dsa-756 Patch Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00090-07142005
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-595.html
http://www.securityfocus.com/archive/1/405200
http://www.securityfocus.com/archive/1/405202
http://www.securityfocus.com/bid/14254
http://www.squirrelmail.org/security/issue/2005-07-13
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047
https://exchange.xforce.ibmcloud.com/vulnerabilities/21359
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html - () http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html -
References () http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html - () http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html -
References () http://www.debian.org/security/2005/dsa-756 - Patch, Vendor Advisory () http://www.debian.org/security/2005/dsa-756 - Patch, Vendor Advisory
References () http://www.gulftech.org/?node=research&article_id=00090-07142005 - () http://www.gulftech.org/?node=research&article_id=00090-07142005 -
References () http://www.novell.com/linux/security/advisories/2005_18_sr.html - () http://www.novell.com/linux/security/advisories/2005_18_sr.html -
References () http://www.redhat.com/support/errata/RHSA-2005-595.html - () http://www.redhat.com/support/errata/RHSA-2005-595.html -
References () http://www.securityfocus.com/archive/1/405200 - () http://www.securityfocus.com/archive/1/405200 -
References () http://www.securityfocus.com/archive/1/405202 - () http://www.securityfocus.com/archive/1/405202 -
References () http://www.securityfocus.com/bid/14254 - () http://www.securityfocus.com/bid/14254 -
References () http://www.squirrelmail.org/security/issue/2005-07-13 - () http://www.squirrelmail.org/security/issue/2005-07-13 -
References () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 - () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/21359 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/21359 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500 -

Information

Published : 2005-07-13 04:00

Updated : 2024-11-20 23:58


NVD link : CVE-2005-2095

Mitre link : CVE-2005-2095

CVE.ORG link : CVE-2005-2095


JSON object : View

Products Affected

squirrelmail

  • squirrelmail