CVE-2006-4019

Published: 11/08/2006 Updated: 17/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote malicious users to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
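The "dynamic variable evaluation" in the summary is PHP's variable-variable syntax, `$$name = $value`, where the name of the variable being assigned is itself taken from data. When a script applies that to request fields (the vendor patch listed under References, sqm1.4.7-expired-post-fix-full.patch, points at compose.php's handling of a form body carried across an expired session), any variable in scope can be set by the remote client, including whichever ones select the user whose attachments and preferences are read or written. The following is an added example and is not SquirrelMail's code: it reconstructs that pattern against constructed input and places an allowlisted restore beside it. The field names, the `$state` array and the `$allowed` list are assumptions made for the illustration.

```php
<?php
// Added example, not SquirrelMail's code. Reconstructs the pattern behind
// CVE-2006-4019 (request-controlled variable-variable assignment) and an
// allowlisted replacement. Field names, $state and $allowed are assumptions.

// Constructed input: a saved POST body that a script restores after a
// session timeout. The attacker chooses the keys as well as the values.
$saved_post = array(
    'subject'  => 'Re: meeting',
    'body'     => 'see attached',
    'username' => 'victim',          // attacker-supplied key
    'data_dir' => '/tmp/attacker/',  // attacker-supplied key
);

// Constructed script state that must only come from the session or config.
$state = array(
    'username' => 'alice',
    'data_dir' => '/var/lib/squirrelmail/data/',
    'subject'  => '',
    'body'     => '',
);

// Vulnerable restore: every saved key becomes a same-named variable, so the
// request overwrites $username and $data_dir along with the form fields.
function restore_vulnerable(array $saved, array $state) {
    extract($state);                       // simulate the script's variables
    foreach ($saved as $key => $val) {
        $$key = $val;                      // dynamic variable evaluation
    }
    return compact('username', 'data_dir', 'subject', 'body');
}

// Hardened restore: only the form fields the page legitimately refills are
// copied, and the variable name comes from the allowlist, not the request.
function restore_hardened(array $saved, array $state) {
    extract($state);
    $allowed = array('subject', 'body');
    foreach ($allowed as $key) {
        if (array_key_exists($key, $saved) && is_string($saved[$key])) {
            $$key = $saved[$key];
        }
    }
    return compact('username', 'data_dir', 'subject', 'body');
}

$v = restore_vulnerable($saved_post, $state);
$h = restore_hardened($saved_post, $state);
printf("vulnerable: username=%s data_dir=%s\n", $v['username'], $v['data_dir']);
printf("hardened:   username=%s data_dir=%s\n", $h['username'], $h['data_dir']);
```

Run with `php example.php`: the vulnerable path reports the attacker's username and data directory, the hardened path keeps the session's values while still restoring subject and body. The same reasoning applies to `extract($_POST)` and to `register_globals`: any construct that lets request data choose variable names needs an explicit allowlist.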

Vulnerable Products

squirrelmail squirrelmail 1.4_rc1
squirrelmail squirrelmail 1.4.0
squirrelmail squirrelmail 1.4.1
squirrelmail squirrelmail 1.4.2
squirrelmail squirrelmail 1.4.3_rc1
squirrelmail squirrelmail 1.4.3
squirrelmail squirrelmail 1.4.3_r3
squirrelmail squirrelmail 1.4.3a
squirrelmail squirrelmail 1.4.4_rc1
squirrelmail squirrelmail 1.4.4
squirrelmail squirrelmail 1.4.5
squirrelmail squirrelmail 1.4.6_rc1
squirrelmail squirrelmail 1.4.6
squirrelmail squirrelmail 1.4.7
squirrelmail squirrelmail 1.44

Vendor Advisories

Debian Bug report logs - #382621 [squirrelmail] CVE-2006-4019 Variable overwriting in compose.php. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaar.nl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon). Reported by: Helmut <bgrpt@toplitzer.net>. Date: Sat, 1 ...

Exploits

SquirrelMail Arbitrary Variable Overwrite. Vendor: SquirrelMail. Product: SquirrelMail. Version: <= 1.4.7. Website: www.squirrelmail.org. BID: 19486. CVE: CVE-2006-4019. OSVDB: 27917. SECUNIA: 21354. Description: SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP pro ...

References

CWE: NVD-CWE-Other

http://www.squirrelmail.org/security/issue/2006-08-11
http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch
http://secunia.com/advisories/21354
http://attrition.org/pipermail/vim/2006-August/000970.html
https://issues.rpath.com/browse/RPL-577
http://www.securityfocus.com/bid/19486
http://www.osvdb.org/27917
http://securitytracker.com/id?1016689
http://secunia.com/advisories/21444
http://www.debian.org/security/2006/dsa-1154
http://secunia.com/advisories/21586
http://www.redhat.com/support/errata/RHSA-2006-0668.html
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://secunia.com/advisories/22104
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22487
http://secunia.com/advisories/22080
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
http://www.securityfocus.com/bid/25159
http://secunia.com/advisories/26235
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2006/3271
http://marc.info/?l=full-disclosure&m=115532449024178&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
http://www.securityfocus.com/archive/1/442993/100/0/threaded
http://www.securityfocus.com/archive/1/442980/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382621
https://nvd.nist.gov
https://www.exploit-db.com/exploits/43839/