Rapid7 Vulnerability & Exploit Database

FreeBSD: squirrelmail -- random variable overwrite vulnerability (CVE-2006-4019)

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 08/11/2006
Created: 07/25/2018
Added: 05/08/2014
Modified: 05/27/2016

Description

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Solution(s)

  • freebsd-upgrade-package-ja-squirrelmail
  • freebsd-upgrade-package-squirrelmail
