CVE-2006-4019
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
| Software | From | Fixed in |
|---|---|---|
| squirrelmail / squirrelmail | 1.4.2 | 1.4.2.x |
| squirrelmail / squirrelmail | 1.4.6_rc1 | 1.4.6_rc1.x |
| squirrelmail / squirrelmail | 1.4.3_r3 | 1.4.3_r3.x |
| squirrelmail / squirrelmail | 1.4.6 | 1.4.6.x |
| squirrelmail / squirrelmail | 1.4.7 | 1.4.7.x |
| squirrelmail / squirrelmail | 1.4.3_rc1 | 1.4.3_rc1.x |
| squirrelmail / squirrelmail | 1.4.4_rc1 | 1.4.4_rc1.x |
| squirrelmail / squirrelmail | 1.4.3 | 1.4.3.x |
| squirrelmail / squirrelmail | 1.4.1 | 1.4.1.x |
| squirrelmail / squirrelmail | 1.4.0 | 1.4.0.x |
| squirrelmail / squirrelmail | 1.44 | 1.44.x |
| squirrelmail / squirrelmail | 1.4.3a | 1.4.3a.x |
| squirrelmail / squirrelmail | 1.4_rc1 | 1.4_rc1.x |
| squirrelmail / squirrelmail | 1.4.4 | 1.4.4.x |
| squirrelmail / squirrelmail | 1.4.5 | 1.4.5.x |
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://attrition.org/pipermail/vim/2006-August/000970.html
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://marc.info/?l=full-disclosure&m=115532449024178&w=2
- http://secunia.com/advisories/21354
- http://secunia.com/advisories/21444
- http://secunia.com/advisories/21586
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/22104
- http://secunia.com/advisories/22487
- http://secunia.com/advisories/26235
- http://securitytracker.com/id?1016689
- http://www.debian.org/security/2006/dsa-1154
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.osvdb.org/27917
- http://www.redhat.com/support/errata/RHSA-2006-0668.html
- http://www.securityfocus.com/archive/1/442980/100/0/threaded
- http://www.securityfocus.com/archive/1/442993/100/0/threaded
- http://www.securityfocus.com/bid/19486
- http://www.securityfocus.com/bid/25159
- http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
- http://www.squirrelmail.org/security/issue/2006-08-11
- http://www.vupen.com/english/advisories/2006/3271
- http://www.vupen.com/english/advisories/2007/2732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
- https://issues.rpath.com/browse/RPL-577
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime