Required CVE Record Information
Description
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
References 8 Total
- http://www.squirrelmail.org/security/issue/2005-01-14
- redhat.com: RHSA-2005:135 vendor-advisory
- marc.info: 20050129 SquirrelMail Security Advisory mailing-list
- redhat.com: RHSA-2005:099 vendor-advisory
- lists.apple.com: APPLE-SA-2005-03-21 vendor-advisory
- secunia.com: 13962 third-party-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:9587 vdb-entrysignature
- gentoo.org: GLSA-200501-39 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- http://www.squirrelmail.org/security/issue/2005-01-14 x_transferred
- redhat.com: RHSA-2005:135 vendor-advisoryx_transferred
- marc.info: 20050129 SquirrelMail Security Advisory mailing-listx_transferred
- redhat.com: RHSA-2005:099 vendor-advisoryx_transferred
- lists.apple.com: APPLE-SA-2005-03-21 vendor-advisoryx_transferred
- secunia.com: 13962 third-party-advisoryx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:9587 vdb-entrysignaturex_transferred
- gentoo.org: GLSA-200501-39 vendor-advisoryx_transferred