|
|
SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities
|
Bugtraq ID:
|
16756
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
CVE-2006-0195
CVE-2006-0377
CVE-2006-0188
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Feb 21 2006 12:00AM
|
|
Updated:
|
Dec 15 2006 10:53PM
|
|
Credit:
|
Scott Hughes reported the MagicHTML cross-site scripting issue to the vendor. Vicente Aguilera reported the IMAP injection issue. The vendor disclosed the 'webmail.php' cross-site scripting issue.
|
|
Vulnerable:
|
SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.6 -rc1
SquirrelMail SquirrelMail 1.4.5
+
MandrakeSoft Corporate Server 3.0 x86_64
+
MandrakeSoft Corporate Server 3.0
+
MandrakeSoft Corporate Server 3.0
+
MandrakeSoft Corporate Server 3.0
SquirrelMail SquirrelMail 1.4.4 RC1
SquirrelMail SquirrelMail 1.4.4
+
Debian Linux 3.1 sparc
+
Debian Linux 3.1 s/390
+
Debian Linux 3.1 s/390
+
Debian Linux 3.1 s/390
+
Debian Linux 3.1 ppc
+
Debian Linux 3.1 ppc
+
Debian Linux 3.1 ppc
+
Debian Linux 3.1 mipsel
+
Debian Linux 3.1 mipsel
+
Debian Linux 3.1 mipsel
+
Debian Linux 3.1 mips
+
Debian Linux 3.1 mips
+
Debian Linux 3.1 mips
+
Debian Linux 3.1 m68k
+
Debian Linux 3.1 m68k
+
Debian Linux 3.1 m68k
+
Debian Linux 3.1 ia-64
+
Debian Linux 3.1 ia-64
+
Debian Linux 3.1 ia-64
+
Debian Linux 3.1 ia-32
+
Debian Linux 3.1 ia-32
+
Debian Linux 3.1 ia-32
+
Debian Linux 3.1 hppa
+
Debian Linux 3.1 hppa
+
Debian Linux 3.1 hppa
+
Debian Linux 3.1 arm
+
Debian Linux 3.1 arm
+
Debian Linux 3.1 arm
+
Debian Linux 3.1 alpha
+
Debian Linux 3.1 alpha
+
Debian Linux 3.1 alpha
+
Debian Linux 3.1
+
Debian Linux 3.1
+
Debian Linux 3.1
+
Gentoo Linux
+
Gentoo Linux
+
Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 RC1
SquirrelMail SquirrelMail 1.4.3 r3
+
Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 a
+
Conectiva Linux 9.0
+
RedHat Fedora Core3
+
RedHat Fedora Core3
+
RedHat Fedora Core3
+
RedHat Fedora Core2
+
RedHat Fedora Core2
SquirrelMail SquirrelMail 1.4.3
SquirrelMail SquirrelMail 1.4.2
+
MandrakeSoft Corporate Server 3.0 x86_64
+
MandrakeSoft Corporate Server 3.0
+
MandrakeSoft Corporate Server 3.0
+
MandrakeSoft Corporate Server 3.0
+
RedHat Fedora Core2
+
RedHat Fedora Core2
+
RedHat Fedora Core2
SquirrelMail SquirrelMail 1.4.1
SquirrelMail SquirrelMail 1.4 RC1
SquirrelMail SquirrelMail 1.4
SquirrelMail SquirrelMail 1.2.11
SquirrelMail SquirrelMail 1.2.10
SquirrelMail SquirrelMail 1.2.9
SquirrelMail SquirrelMail 1.2.8
+
Terra Soft Solutions Yellow Dog Linux 3.0
SquirrelMail SquirrelMail 1.2.7
+
RedHat Linux 8.0
SquirrelMail SquirrelMail 1.2.6
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
Debian Linux 3.0 alpha
+
Debian Linux 3.0
+
Debian Linux 3.0
SquirrelMail SquirrelMail 1.2.5
SquirrelMail SquirrelMail 1.2.4
SquirrelMail SquirrelMail 1.2.3
SquirrelMail SquirrelMail 1.2.2
SquirrelMail SquirrelMail 1.2.1
SquirrelMail SquirrelMail 1.2 .0
SquirrelMail SquirrelMail 1.0.5
SquirrelMail SquirrelMail 1.0.4
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Fedora Core4
RedHat Fedora Core3
RedHat Fedora Core2
RedHat Fedora Core1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
|
|
|
|
Not Vulnerable:
|
SquirrelMail SquirrelMail 1.4.6 -cvs
|
|
|
