CVE-2010-1637

Related Files

Red Hat Security Advisory 2012-0103-01

Posted Feb 8, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.

tags | advisory, remote, web, arbitrary, php, xss

systems | linux, redhat

advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-2023, CVE-2011-2752, CVE-2011-2753

SHA-256 | 040b4b10a49caa004db71999e8f7658921ee27aeb022c6727ca45cd9c27514ad

Download | Favorite | View

Apple Security Advisory 2012-02-01-1

Posted Feb 3, 2012

Authored by Apple | Site apple.com

Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.

tags | advisory, vulnerability

systems | apple

advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-0200, CVE-2011-0241, CVE-2011-1148, CVE-2011-1167, CVE-2011-1657, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1938, CVE-2011-2023, CVE-2011-2192, CVE-2011-2202, CVE-2011-2204, CVE-2011-2483, CVE-2011-2895, CVE-2011-2937, CVE-2011-3182, CVE-2011-3189, CVE-2011-3246, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3252, CVE-2011-3256

SHA-256 | cf25033e1c0f7c890c4bb4bf4deec5fe01b2162ac354bd512e0fcd1426499d94

Download | Favorite | View

Mandriva Linux Security Advisory 2010-120

Posted Jun 23, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-120 - A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall. As this vulnerability is only exploitable post-authentication, and better more specific port scanning tools are freely available, we consider this vulnerability to be of very low severity. It has been fixed by restricting the allowable POP port numbers. The updated packages have been patched to correct this issue.

tags | advisory

systems | linux, mandriva

advisories | CVE-2010-1637

SHA-256 | c1ce6e51e0ff12140212416d19ef3ad63953447820df46e81f81e6daad09bd74

Download | Favorite | View