

Title SquirrelMail Form Submissions Cross Site Request Forgery Vulnerability
Published 2009-08-12-12:00AM
Updated 2009-08-31-08:52PM
Class Design Error
CVE   CVE-2009-2964
Remote  Yes
Local  No
Credit  Mike Bailey and Jaykishan Nirmal and Kishor Sonawane
Vulnerable  SquirrelMail SquirrelMail 1.4.19
SquirrelMail SquirrelMail 1.4.18
SquirrelMail SquirrelMail 1.4.17
SquirrelMail SquirrelMail 1.4.16
SquirrelMail SquirrelMail 1.4.15
SquirrelMail SquirrelMail 1.4.12
SquirrelMail SquirrelMail 1.4.11
SquirrelMail SquirrelMail 1.4.9 a
Debian Linux 4.0
SquirrelMail SquirrelMail 1.4.8
SquirrelMail SquirrelMail 1.4.7
SquirrelMail SquirrelMail 1.4.6 rc1
SquirrelMail SquirrelMail 1.4.6 cvs
SquirrelMail SquirrelMail 1.4.6
SquirrelMail SquirrelMail 1.4.5
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
SquirrelMail SquirrelMail 1.4.4 RC1
SquirrelMail SquirrelMail 1.4.4
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia64
Debian Linux 3.1 ia32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 alpha
Debian Linux 3.1
Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 RC1
SquirrelMail SquirrelMail 1.4.3 r3
Gentoo Linux
SquirrelMail SquirrelMail 1.4.3 a
Conectiva Linux 9.0
RedHat Fedora Core3
RedHat Fedora Core2
SquirrelMail SquirrelMail 1.4.3
SquirrelMail SquirrelMail 1.4.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
RedHat Fedora Core2
SquirrelMail SquirrelMail 1.4.1
SquirrelMail SquirrelMail 1.4 RC1
SquirrelMail SquirrelMail 1.4
SquirrelMail SquirrelMail 1.2.11
SquirrelMail SquirrelMail 1.2.10
SquirrelMail SquirrelMail 1.2.9
SquirrelMail SquirrelMail 1.2.8
Terra Soft Solutions Yellow Dog Linux 3.0
SquirrelMail SquirrelMail 1.2.7
RedHat Linux 8.0
SquirrelMail SquirrelMail 1.2.6
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia64
Debian Linux 3.0 ia32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
SquirrelMail SquirrelMail 1.2.5
SquirrelMail SquirrelMail 1.2.4
SquirrelMail SquirrelMail 1.2.3
SquirrelMail SquirrelMail 1.2.2
SquirrelMail SquirrelMail 1.2.1
SquirrelMail SquirrelMail 1.2 .0
SquirrelMail SquirrelMail 1.0.5
SquirrelMail SquirrelMail 1.0.4
RedHat Fedora 11
RedHat Fedora 10
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Not Vulnerable  SquirrelMail SquirrelMail 1.4.20 RC2
Code  To exploit the issue, an attacker must entice a user into visiting a malicious site.

Copyright 2007, SecurityDot
Tue, 15 Dec 2009 11:58:57 +0000
