CVE-2006-4019 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-4019
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4019

Description: Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28365 VIM http://attrition.org/pipermail/vim/2006-August/000970.html SUSE http://www.novell.com/linux/security/advisories/2006_23_sr.html ST 1016689 SGI SAID Secunia Advisory: SA22487 Secunia Advisory: SA22080 Secunia Advisory: SA21354 Secunia Advisory: SA21444 Secunia Advisory: SA21586 Secunia Advisory: SA22104 Secunia Advisory: SA26235 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0668.html OSVDB 27917 MISC http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:147 FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=115532449024178&w=2 DEBIAN http://www.debian.org/security/2006/dsa-1154 CONFIRM http://www.squirrelmail.org/security/issue/2006-08-11 http://docs.info.apple.com/article.html?artnum=306172 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/442980/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/442993/100/0/threaded BID 19486 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.