CVE-2006-0377

Published: 24/02/2006 Updated: 11/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote malicious users to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

Vendor Advisories

Debian Bug report logs - #354062 CVE-2006-0195: XSS re comments in styles. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar; Source for squirrelmail is src:squirrelmail. Reported by: Geoff Crompton. Date: Thu, 2 ...
Debian Bug report logs - #354064 CVE-2006-0188: possible XSS through right_main parameter of webmail.php. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar; Source for squirrelmail is src:squirrelmail. Reported by: Geoff Crompton ...
Debian Bug report logs - #354063 CVE-2006-0377: IMAP injection attempts. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar; Source for squirrelmail is src:squirrelmail. Reported by: Geoff Crompton. Date: Thu, 23 ...

Mailing Lists

SquirrelMail versions 1.4.5 and below suffer from an IMAP injection flaw. Versions 1.2.7 and below suffer from an SMTP injection flaw. Details provided ...