CVE-2006-3174 - CVE Reference - Advisories

CVE Reference: CVE-2006-3174

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3174

Description: Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26941 SAID Secunia Advisory: SA26235 OSVDB 26610 MISC http://pridels.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:147 CONFIRM http://docs.info.apple.com/article.html?artnum=306172 BID 18700 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	WMNews Cross-Site Scripting Vulnerabilities

2.	Joomla Community Builder Component File Inclusion

3.	dotProject SQL Injection and Cross-Site Scripting

4.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

5.	Slackware update for amarok

6.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

7.	Novell eDirectory Multiple Vulnerabilities

8.	Caudium "configvar" Insecure Temporary Files

9.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

10.	Sun Solaris Kernel Covert Channel Security Bypass