SquirrelMail Search.PHP Cross-Site Scripting Vulnerability

Bugtraq ID: 18700
Class: Input Validation Error
CVE: CVE-2006-3174
Remote: Yes
Local: No
Published: Jun 28 2006 12:00AM
Updated: Aug 01 2007 10:55PM
Credit: Alec Berryman is credited with the discovery of this vulnerability.
Vulnerable: SquirrelMail SquirrelMail 1.5.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
SquirrelMail SquirrelMail 1.5 Development Version
SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.7
SquirrelMail SquirrelMail 1.4.6 -rc1
SquirrelMail SquirrelMail 1.4.6 -cvs
SquirrelMail SquirrelMail 1.4.6
SquirrelMail SquirrelMail 1.4.5
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
SquirrelMail SquirrelMail 1.4.4 RC1
SquirrelMail SquirrelMail 1.4.4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Gentoo Linux
+ Gentoo Linux
+ Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 RC1
SquirrelMail SquirrelMail 1.4.3 r3
+ Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 a
+ Redhat Fedora Core3
+ Redhat Fedora Core3
+ Redhat Fedora Core3
+ Redhat Fedora Core2
+ Redhat Fedora Core2
SquirrelMail SquirrelMail 1.4.3
SquirrelMail SquirrelMail 1.4.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 3.0
+ Redhat Fedora Core2
+ Redhat Fedora Core2
+ Redhat Fedora Core2
SquirrelMail SquirrelMail 1.4.1
SquirrelMail SquirrelMail 1.4 RC1
SquirrelMail SquirrelMail 1.4
SquirrelMail SquirrelMail 1.2.11
SquirrelMail SquirrelMail 1.2.10
SquirrelMail SquirrelMail 1.2.9
SquirrelMail SquirrelMail 1.2.8
+ Terra Soft Solutions Yellow Dog Linux 3.0
SquirrelMail SquirrelMail 1.2.7
+ Redhat Linux 8.0
SquirrelMail SquirrelMail 1.2.6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
SquirrelMail SquirrelMail 1.2.5
SquirrelMail SquirrelMail 1.2.4
SquirrelMail SquirrelMail 1.2.3
SquirrelMail SquirrelMail 1.2.2
SquirrelMail SquirrelMail 1.2.1
SquirrelMail SquirrelMail 1.2 .0
SquirrelMail SquirrelMail 1.0.5
SquirrelMail SquirrelMail 1.0.4
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus