
Test ID: 1.3.6.1.4.1.25623.1.0.14228
Category: CGI abuses
Title: SquirrelMail XSS and Local escalation
Summary: SquirrelMail XSS and Local escalation
Description:
The remote host is running SquirrelMail, a web-based mail server.

There are several flaws in all versions less than 1.4.3 and development
versions 1.5.0 and 1.5.1 which allow for local root access and remote
Cross-Site-Scripting (XSS) attacks.

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of Squirrelmail
***** installed there.

Solution : Upgrade to SquirrelMail 1.4.3 or greater.

Risk factor : Medium
Cross-Ref: BugTraq ID: 10246
BugTraq ID: 10397
BugTraq ID: 10439
Common Vulnerability Exposure (CVE) ID: CVE-2004-0519
Bugtraq: 20040429 SquirrelMail Cross Scripting Attacks....
http://marc.theaimsgroup.com/?l=bugtraq&m=108334862800260
Bugtraq: 20040430 Re: SquirrelMail Cross Scripting Attacks....
http://www.securityfocus.com/archive/1/361857
Conectiva Linux advisory: CLA-2004:858
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
Debian Security Information: DSA-535
http://www.debian.org/security/2004/dsa-535
http://www.securityfocus.com/advisories/6827
https://bugzilla.fedora.us/show_bug.cgi?id=1733
http://security.gentoo.org/glsa/glsa-200405-16.xml
RedHat Security Advisories: RHSA-2004:240
http://rhn.redhat.com/errata/RHSA-2004-240.html
SGI Security Advisory: 20040604-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
SuSE Security Announcement: SUSE-SR:2005:019
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.securityfocus.com/bid/10246
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1006
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10274
http://secunia.com/advisories/11531
http://secunia.com/advisories/11686
http://secunia.com/advisories/11870
http://secunia.com/advisories/12289
XForce ISS Database: squirrel-composephp-xss(16025)
http://xforce.iss.net/xforce/xfdb/16025
Common Vulnerability Exposure (CVE) ID: CVE-2004-0520
Bugtraq: 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
http://marc.theaimsgroup.com/?l=bugtraq&m=108611554415078&w=2
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108532891231712
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
http://www.securityfocus.com/bid/10439
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1012
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10766
Common Vulnerability Exposure (CVE) ID: CVE-2004-0521
http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108309375029888
http://www.securityfocus.com/advisories/7148
Computer Incident Advisory Center Bulletin: O-212
http://www.ciac.org/ciac/bulletins/o-212.shtml
http://www.securityfocus.com/bid/10397
http://www.osvdb.org/6841
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1033
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11446
http://secunia.com/advisories/11685
XForce ISS Database: squirrelmail-sql-injection(16235)
http://xforce.iss.net/xforce/xfdb/16235
Copyright: This script is Copyright (C) 2004 George A. Theall and Tenable Network Security

© 1998-2014 E-Soft Inc. All rights reserved.