AlphaOne Technology Support Forums
Brad
SquirrelMail "POST" Cross Site Scripting and Security Bypass
« on: July 13, 2005, 08:54:48 PM »

* Technical Description *

A vulnerability was identified in SquirrelMail, which could be exploited by malicious users to conduct cross site scripting attacks or gain unauthorized access. This flaw is due to an input validation error in the "options_identities.php" file that does not properly filter the "$_POST" variable, which could be exploited by attackers to change other people's preferences, conduct cross site scripting attacks and write arbitrary files on a vulnerable system.

* Affected Products *

SquirrelMail version 1.4.0 through 1.4.5-RC1

* Solution *

Upgrade to SquirrelMail version 1.4.5:
http://www.squirrelmail.org/download.php

* References *

http://www.frsirt.com/english/advisories/2005/1087
http://www.squirrelmail.org/security/issue/2005-07-13
http://www.squirrelmail.org/changelog.php
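
Added example, not part of the original post or of SquirrelMail: a small Python check that tells whether an installed version falls inside the affected range given above (1.4.0 through 1.4.5-RC1), treating a release candidate as older than the final release of the same number. It assumes the install records its version as a `$version = '...';` assignment in a PHP source file; the sample source and all function names are constructed for illustration.

```python
import re

# Affected range as stated in the advisory; 1.4.5 final is the fixed release.
FIRST_AFFECTED = "1.4.0"
LAST_AFFECTED = "1.4.5-RC1"


def parse_version(text):
    """Return a sortable key; 'X.Y.Z-RCn' sorts before the final 'X.Y.Z'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-?RC(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        # Fail closed: an unknown format needs a manual look, not a guess.
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is None:
        return (major, minor, patch, 1, 0)           # final release
    return (major, minor, patch, 0, int(m.group(4)))  # release candidate


def is_affected(version):
    """True if the version lies within the advisory's affected range."""
    low, high = parse_version(FIRST_AFFECTED), parse_version(LAST_AFFECTED)
    return low <= parse_version(version) <= high


def version_from_source(php_source):
    """Pull the version out of PHP source text.

    Assumption: the version is set by a line of the form $version = '...';
    """
    m = re.search(r"""^\s*\$version\s*=\s*['"]([^'"]+)['"]\s*;""", php_source, re.MULTILINE)
    return m.group(1) if m else None


def audit(php_source):
    """Classify an install as 'affected', 'not listed as affected' or 'unknown'."""
    version = version_from_source(php_source)
    if version is None:
        return "unknown"
    try:
        return "affected" if is_affected(version) else "not listed as affected"
    except ValueError:
        return "unknown"


# Constructed sample input, standing in for the contents of the PHP file.
SAMPLE_SOURCE = "<?php\n$version = '1.4.4';\n"

if __name__ == "__main__":
    print(version_from_source(SAMPLE_SOURCE), "->", audit(SAMPLE_SOURCE))
```

An "unknown" result means the version string was missing or in a format the check does not recognise, so that install should be inspected by hand.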