SquirrelMail G/PGP Encryption Plug-in Unspecified Remote Command Execution Vulnerability
A vulnerability in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. The issue occurs because the application fails to sufficiently sanitize user-supplied data. Commands would run in the context of the web server hosting the vulnerable software. The issue may be exploited by sending email to a user of the affected plugin: when the plugin attempts to process the email, the malicious code is executed, which makes successful exploits easier for attackers to attempt. Reports indicate that this issue has been tested with SquirrelMail 1.4.10a and G/PGP Plugin 2.0. Other versions may be affected as well.