11/20/2023 0 Comments Cise squirrelmailSquirrelmail adalah aplikasi webmail yang basisnya web. The mail message display page in SquirrelMail through 1.4.22 has XSS via a " Personal Informations > Email Address" setting.Ĭross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. Ketahui pengertian SquirrelMail, kelebihan, cara login dan cara memakainya lewat panduan lengkap kami, berikut ini Pengertian SquirrelMail. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as _wakeup or _destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).Ĭompose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. ** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.Ī certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. It doesn't send or receive email, but acts as an IMAP (and SMTP) client. The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. Y: Where are the SquirrelMail logs SquirrelMail is an email client, formally mail user agent (MUA) written in PHP. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.ģ Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 Functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |