|
|
CVE Reference: CVE-2005-1924 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-1924 |
|
|
Description: The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35355 http://xforce.iss.net/xforce/xfdb/35364 VIM http://www.attrition.org/pipermail/vim/2007-July/001710.html SAID Secunia Advisory: SA26424 Secunia Advisory: SA26035 MILW0RM http://milw0rm.com/exploits/4173 IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329 GENTOO http://security.gentoo.org/glsa/glsa-200708-08.xml BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/473370/100/0/threaded BID 24874 |
|
| Return to the previous page. |
