CVE-2005-2095 - CVE Reference - Advisories

CVE Reference: CVE-2005-2095

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2095

Description: options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/21359 SUSE http://www.novell.com/linux/security/advisories/2005_18_sr.html REDHAT http://www.redhat.com/support/errata/RHSA-2005-595.html MISC http://www.gulftech.org/?node=research&article_id=00090-07142005 FEDORA DEBIAN http://www.debian.org/security/2005/dsa-756 CONFIRM http://www.squirrelmail.org/security/issue/2005-07-13 BUGTRAQ http://www.securityfocus.com/archive/1/405200 http://www.securityfocus.com/archive/1/405202 BID 14254 APPLE http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	WMNews Cross-Site Scripting Vulnerabilities

2.	Joomla Community Builder Component File Inclusion

3.	dotProject SQL Injection and Cross-Site Scripting

4.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

5.	Slackware update for amarok

6.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

7.	Novell eDirectory Multiple Vulnerabilities

8.	Caudium "configvar" Insecure Temporary Files

9.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

10.	Sun Solaris Kernel Covert Channel Security Bypass