Test ID:	1.3.6.1.4.1.25623.1.0.100203
Category:	Web application abuses
Title:	SquirrelMail < 1.4.18 Multiple Vulnerabilities
Summary:	SquirrelMail is prone to multiple vulnerabilities, including; multiple session-fixation issues, a code-injection issue, and multiple cross-site scripting; issues.
Description:	Summary: SquirrelMail is prone to multiple vulnerabilities, including multiple session-fixation issues, a code-injection issue, and multiple cross-site scripting issues. Vulnerability Impact: Attackers may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user, to hijack the session of a valid user, or to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the computer. Other attacks are also possible. Affected Software/OS: SquirrelMail versions prior to 1.4.18. Solution: Update to version 1.4.18 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1578 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 34916 http://www.securityfocus.com/bid/34916 Debian Security Information: DSA-1802 (Google Search) http://www.debian.org/security/2009/dsa-1802 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://osvdb.org/60468 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624 http://www.redhat.com/support/errata/RHSA-2009-1066.html http://secunia.com/advisories/35052 http://secunia.com/advisories/35073 http://secunia.com/advisories/35140 http://secunia.com/advisories/35259 http://secunia.com/advisories/37415 http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2009/1296 http://www.vupen.com/english/advisories/2009/3315 http://www.vupen.com/english/advisories/2010/1481 XForce ISS Database: squirrelmail-decryptheaders-xss(50460) https://exchange.xforce.ibmcloud.com/vulnerabilities/50460 XForce ISS Database: squirrelmail-phpself-xss(50459) https://exchange.xforce.ibmcloud.com/vulnerabilities/50459 Common Vulnerability Exposure (CVE) ID: CVE-2009-1579 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986 XForce ISS Database: squirrelmail-mapypalias-code-execution(50461) https://exchange.xforce.ibmcloud.com/vulnerabilities/50461 Common Vulnerability Exposure (CVE) ID: CVE-2009-1580 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107 XForce ISS Database: squirrelmail-baseuri-session-hijacking(50462) https://exchange.xforce.ibmcloud.com/vulnerabilities/50462 Common Vulnerability Exposure (CVE) ID: CVE-2009-1581 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441 XForce ISS Database: squirrelmail-css-xss(50463) https://exchange.xforce.ibmcloud.com/vulnerabilities/50463
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.