Squirrelmail 1.4.19 exploit software#
Mandriva Enterprise Server 5: squirrelmail-1.4.19-2.2mdvmes5įull bulletin, software filtering, emails, fixes.
bi an.org/poo l/updates/ main/s/squ irrelmail/ squirrelma il_1.4.15- 4+lenn圓.1 _all.debĬorporate 4.0: squirrelmail-1.4.19-0mlcs4
svn.source / viewvc/squ irrelmail? view=rev &revis ion=13818 Solutions for this threat SquirrelMail: version 1.4.20. An attacker with a technician ability can exploit this cybersecurity weakness. The trust level is of type confirmed by the editor, with an origin of document.Ī proof of concept or an attack tool is available, so your teams have to process this alert.
Our Vigilance Vulnerability Alerts team determined that the severity of this computer vulnerability alert is medium. This computer threat impacts software or systems such as Debian, Fedora, RHEL, Unix (platform) ~ not comprehensive. When the victim, who is authenticated on the web site of SquirrelMail, reads this page, the image is loaded, and form actions are executed.Īn attacker can thus execute commands on the web interface of SquirrelMail, with privileges of the victim seeing an HTML document.įull bulletin, software filtering, emails, fixes. However, these forms do no check if they are voluntarily posted by an authenticated user.Īn attacker can create an HTML document with an image, whose url contains all parameters of the form. Web pages of the SquirrelMail web site contain forms to change preferences, delete emails or send emails.
The SquirrelMail program provides a mailbox access using a web browser. Vulnerable products: Debian, Fedora, RHEL, Unix (platform) ~ not comprehensive. Vulnerability of SquirrelMail: cross-site request forgery Synthesis of the vulnerabilityĪn attacker can execute commands on the web interface of SquirrelMail, with privileges of the victim seeing an HTML document.
0 kommentar(er)
