CVE-2006-4019

high

Description

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533

https://issues.rpath.com/browse/RPL-577

https://exchange.xforce.ibmcloud.com/vulnerabilities/28365

http://www.vupen.com/english/advisories/2007/2732

http://www.vupen.com/english/advisories/2006/3271

http://www.squirrelmail.org/security/issue/2006-08-11

http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch

http://www.securityfocus.com/bid/25159

http://www.securityfocus.com/bid/19486

http://www.securityfocus.com/archive/1/442993/100/0/threaded

http://www.securityfocus.com/archive/1/442980/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2006-0668.html

http://www.osvdb.org/27917

http://www.novell.com/linux/security/advisories/2006_23_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:147

http://www.debian.org/security/2006/dsa-1154

http://securitytracker.com/id?1016689

http://secunia.com/advisories/26235

http://secunia.com/advisories/22487

http://secunia.com/advisories/22104

http://secunia.com/advisories/22080

http://secunia.com/advisories/21586

http://secunia.com/advisories/21444

http://secunia.com/advisories/21354

http://marc.info/?l=full-disclosure&m=115532449024178&w=2

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://docs.info.apple.com/article.html?artnum=306172

http://attrition.org/pipermail/vim/2006-August/000970.html

Details

Source: Mitre, NVD

Published: 2006-08-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High