Revision: | 7906 |
Committed: | Sat May 16 15:31:38 2009 UTC (14 years, 11 months ago) by laffer1 |
File size: | 731 byte(s) |
Log Message: | functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). |
# | User | Rev | Content |
---|---|---|---|
1 | laffer1 | 7906 | MD5 (squirrelmail/squirrelmail-1.4.18.tar.bz2) = 2df99afc1bc3b121296af65f52fbc5cc |
2 | | | SHA256 (squirrelmail/squirrelmail-1.4.18.tar.bz2) = be7a8370b7937bfe7ad3a584d3416d4895986181e3aac5227f52e14279b100a0 |
3 | | | RMD160 (squirrelmail/squirrelmail-1.4.18.tar.bz2) = 292d0f4123a8e8db84d9ff766a440848f1684b4b |
4 | | | SIZE (squirrelmail/squirrelmail-1.4.18.tar.bz2) = 509216 |
5 | laffer1 | 4793 | MD5 (squirrelmail/all_locales-1.4.13-20071220.tar.bz2) = c6463312afcd602ae60fd8f388dfb8c2 |
6 | | | SHA256 (squirrelmail/all_locales-1.4.13-20071220.tar.bz2) = 8fa5b82bb2e4448da80d2ccc42ec9874df8674691358736da6c7c3f7bbbae639 |
7 | laffer1 | 7906 | RMD160 (squirrelmail/all_locales-1.4.13-20071220.tar.bz2) = 67ebd2a4af9385de05b7ebe445296e63f1bf2aa8 |
8 | laffer1 | 4793 | SIZE (squirrelmail/all_locales-1.4.13-20071220.tar.bz2) = 3016605 |
Name | Value |
---|---|
cvs2svn:cvs-rev | 1.9 |