CVE Reference: CVE-2005-2095

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-2095

Description:
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/21359

SUSE
  http://www.novell.com/linux/security/advisories/2005_18_sr.html

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-595.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10500

MISC
  http://www.gulftech.org/?node=research&article_id=00090-07142005

FEDORA

DEBIAN
  http://www.debian.org/security/2005/dsa-756

CONFIRM
  http://www.squirrelmail.org/security/issue/2005-07-13

BUGTRAQ
  http://www.securityfocus.com/archive/1/405200
  http://www.securityfocus.com/archive/1/405202

BID
  14254

APPLE
  http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
  http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
