Vulnerability-Lookup

CVE-2006-6142 (GCVE-0-2006-6142)

Vulnerability from cvelistv5 – Published: 2006-12-05 16:00 – Updated: 2024-08-07 20:19

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2732	vdb-entryx_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/23195	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2007-00…	vendor-advisoryx_refsource_REDHAT
	http://fedoranews.org/cms/node/2438	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/23409	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/23504	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/24284	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/23322	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.debian.org/security/2006/dsa-1241	vendor-advisoryx_refsource_DEBIAN
	http://fedoranews.org/cms/node/2439	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/21414	vdb-entryx_refsource_BID
	http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
	http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
	http://secunia.com/advisories/24004	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/25159	vdb-entryx_refsource_BID
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://squirrelmail.org/security/issue/2006-12-02	x_refsource_CONFIRM
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	https://issues.rpath.com/browse/RPL-849	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/4828	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/23811	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1017327	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/26235	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:19:34.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "MDKSA-2006:226",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
          },
          {
            "name": "23195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23195"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "RHSA-2007:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
          },
          {
            "name": "FEDORA-2007-088",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2438"
          },
          {
            "name": "23409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23409"
          },
          {
            "name": "oval:org.mitre.oval:def:9988",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
          },
          {
            "name": "23504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23504"
          },
          {
            "name": "24284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24284"
          },
          {
            "name": "squirrelmail-webmail-compose-xss(30693)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
          },
          {
            "name": "squirrelmail-mimeheader-xss(30695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
          },
          {
            "name": "23322",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23322"
          },
          {
            "name": "SUSE-SR:2007:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
          },
          {
            "name": "squirrelmail-magichtml-messages-xss(30694)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
          },
          {
            "name": "DSA-1241",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1241"
          },
          {
            "name": "FEDORA-2007-089",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2439"
          },
          {
            "name": "21414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
          },
          {
            "name": "24004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24004"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "20070201-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://squirrelmail.org/security/issue/2006-12-02"
          },
          {
            "name": "SUSE-SR:2006:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-849"
          },
          {
            "name": "ADV-2006-4828",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4828"
          },
          {
            "name": "23811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23811"
          },
          {
            "name": "1017327",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017327"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-02T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T04:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "MDKSA-2006:226",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
        },
        {
          "name": "23195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23195"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "RHSA-2007:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
        },
        {
          "name": "FEDORA-2007-088",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2438"
        },
        {
          "name": "23409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23409"
        },
        {
          "name": "oval:org.mitre.oval:def:9988",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
        },
        {
          "name": "23504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23504"
        },
        {
          "name": "24284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24284"
        },
        {
          "name": "squirrelmail-webmail-compose-xss(30693)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
        },
        {
          "name": "squirrelmail-mimeheader-xss(30695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
        },
        {
          "name": "23322",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23322"
        },
        {
          "name": "SUSE-SR:2007:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
        },
        {
          "name": "squirrelmail-magichtml-messages-xss(30694)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
        },
        {
          "name": "DSA-1241",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1241"
        },
        {
          "name": "FEDORA-2007-089",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2439"
        },
        {
          "name": "21414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
        },
        {
          "name": "24004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24004"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "20070201-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://squirrelmail.org/security/issue/2006-12-02"
        },
        {
          "name": "SUSE-SR:2006:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-849"
        },
        {
          "name": "ADV-2006-4828",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4828"
        },
        {
          "name": "23811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23811"
        },
        {
          "name": "1017327",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017327"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6142",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "MDKSA-2006:226",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
            },
            {
              "name": "23195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23195"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "RHSA-2007:0022",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
            },
            {
              "name": "FEDORA-2007-088",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2438"
            },
            {
              "name": "23409",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23409"
            },
            {
              "name": "oval:org.mitre.oval:def:9988",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
            },
            {
              "name": "23504",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23504"
            },
            {
              "name": "24284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24284"
            },
            {
              "name": "squirrelmail-webmail-compose-xss(30693)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
            },
            {
              "name": "squirrelmail-mimeheader-xss(30695)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
            },
            {
              "name": "23322",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23322"
            },
            {
              "name": "SUSE-SR:2007:004",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
            },
            {
              "name": "squirrelmail-magichtml-messages-xss(30694)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
            },
            {
              "name": "DSA-1241",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1241"
            },
            {
              "name": "FEDORA-2007-089",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2439"
            },
            {
              "name": "21414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21414"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=468482",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
            },
            {
              "name": "24004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24004"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "20070201-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
            },
            {
              "name": "http://squirrelmail.org/security/issue/2006-12-02",
              "refsource": "CONFIRM",
              "url": "http://squirrelmail.org/security/issue/2006-12-02"
            },
            {
              "name": "SUSE-SR:2006:029",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-849",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-849"
            },
            {
              "name": "ADV-2006-4828",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4828"
            },
            {
              "name": "23811",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23811"
            },
            {
              "name": "1017327",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017327"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26235"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6142",
    "datePublished": "2006-12-05T16:00:00.000Z",
    "dateReserved": "2006-11-28T05:00:00.000Z",
    "dateUpdated": "2024-08-07T20:19:34.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2006-6142

Vulnerability from fkie_nvd - Published: 2006-12-05 11:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
	cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306172
	cve@mitre.org	http://fedoranews.org/cms/node/2438
	cve@mitre.org	http://fedoranews.org/cms/node/2439
	cve@mitre.org	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
	cve@mitre.org	http://secunia.com/advisories/23195
	cve@mitre.org	http://secunia.com/advisories/23322
	cve@mitre.org	http://secunia.com/advisories/23409
	cve@mitre.org	http://secunia.com/advisories/23504
	cve@mitre.org	http://secunia.com/advisories/23811
	cve@mitre.org	http://secunia.com/advisories/24004
	cve@mitre.org	http://secunia.com/advisories/24284
	cve@mitre.org	http://secunia.com/advisories/26235
	cve@mitre.org	http://securitytracker.com/id?1017327
	cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=468482
	cve@mitre.org	http://squirrelmail.org/security/issue/2006-12-02
	cve@mitre.org	http://www.debian.org/security/2006/dsa-1241
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
	cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_29_sr.html
	cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_4_sr.html
	cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0022.html
	cve@mitre.org	http://www.securityfocus.com/bid/21414
	cve@mitre.org	http://www.securityfocus.com/bid/25159
	cve@mitre.org	http://www.vupen.com/english/advisories/2006/4828
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/2732
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
	cve@mitre.org	https://issues.rpath.com/browse/RPL-849
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988
	af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
	af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306172
	af854a3a-2127-422b-91ae-364da2661108	http://fedoranews.org/cms/node/2438
	af854a3a-2127-422b-91ae-364da2661108	http://fedoranews.org/cms/node/2439
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23195
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23322
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23409
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23504
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23811
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24004
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24284
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26235
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017327
	af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=468482
	af854a3a-2127-422b-91ae-364da2661108	http://squirrelmail.org/security/issue/2006-12-02
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1241
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
	af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_29_sr.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_4_sr.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0022.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21414
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25159
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4828
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2732
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
	af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-849
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988

Impacted products

Vendor	Product	Version
squirrelmail	squirrelmail	1.4
squirrelmail	squirrelmail	1.4.1
squirrelmail	squirrelmail	1.4.2
squirrelmail	squirrelmail	1.4.3
squirrelmail	squirrelmail	1.4.3_r3
squirrelmail	squirrelmail	1.4.3_rc1
squirrelmail	squirrelmail	1.4.3aa
squirrelmail	squirrelmail	1.4.4
squirrelmail	squirrelmail	1.4.4_rc1
squirrelmail	squirrelmail	1.4.5
squirrelmail	squirrelmail	1.4.6
squirrelmail	squirrelmail	1.4.6_cvs
squirrelmail	squirrelmail	1.4.6_rc1
squirrelmail	squirrelmail	1.4.7
squirrelmail	squirrelmail	1.4_rc1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.0 hasta 1.4.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) par\u00e1metro mailto en (a) webmail.php, los par\u00e1metros (2) session y (3) delete_draft en (b) compose.php, y (4) vectores no especificados implicando \"a shortcoming in the magicHTML filter.\""
    }
  ],
  "id": "CVE-2006-6142",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-05T11:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/cms/node/2438"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/cms/node/2439"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23195"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23504"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23811"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24284"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017327"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://squirrelmail.org/security/issue/2006-12-02"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1241"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21414"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-849"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://squirrelmail.org/security/issue/2006-12-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-6142

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-6142

Aliases

CVE-2006-6142

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-6142",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"",
    "id": "GSD-2006-6142",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-6142.html",
      "https://www.debian.org/security/2006/dsa-1241",
      "https://access.redhat.com/errata/RHSA-2007:0022",
      "https://linux.oracle.com/cve/CVE-2006-6142.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-6142"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"",
      "id": "GSD-2006-6142",
      "modified": "2023-12-13T01:19:54.399789Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-6142",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2732",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "MDKSA-2006:226",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
          },
          {
            "name": "23195",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23195"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "RHSA-2007:0022",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
          },
          {
            "name": "FEDORA-2007-088",
            "refsource": "FEDORA",
            "url": "http://fedoranews.org/cms/node/2438"
          },
          {
            "name": "23409",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23409"
          },
          {
            "name": "oval:org.mitre.oval:def:9988",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
          },
          {
            "name": "23504",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23504"
          },
          {
            "name": "24284",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24284"
          },
          {
            "name": "squirrelmail-webmail-compose-xss(30693)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
          },
          {
            "name": "squirrelmail-mimeheader-xss(30695)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
          },
          {
            "name": "23322",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23322"
          },
          {
            "name": "SUSE-SR:2007:004",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
          },
          {
            "name": "squirrelmail-magichtml-messages-xss(30694)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
          },
          {
            "name": "DSA-1241",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1241"
          },
          {
            "name": "FEDORA-2007-089",
            "refsource": "FEDORA",
            "url": "http://fedoranews.org/cms/node/2439"
          },
          {
            "name": "21414",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21414"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306172",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=468482",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
          },
          {
            "name": "24004",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24004"
          },
          {
            "name": "25159",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "20070201-01-P",
            "refsource": "SGI",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
          },
          {
            "name": "http://squirrelmail.org/security/issue/2006-12-02",
            "refsource": "CONFIRM",
            "url": "http://squirrelmail.org/security/issue/2006-12-02"
          },
          {
            "name": "SUSE-SR:2006:029",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-849",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-849"
          },
          {
            "name": "ADV-2006-4828",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4828"
          },
          {
            "name": "23811",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23811"
          },
          {
            "name": "1017327",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017327"
          },
          {
            "name": "26235",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26235"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6142"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=468482",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
            },
            {
              "name": "http://squirrelmail.org/security/issue/2006-12-02",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://squirrelmail.org/security/issue/2006-12-02"
            },
            {
              "name": "21414",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/21414"
            },
            {
              "name": "1017327",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017327"
            },
            {
              "name": "23195",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23195"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-849",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-849"
            },
            {
              "name": "23322",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23322"
            },
            {
              "name": "SUSE-SR:2006:029",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
            },
            {
              "name": "23409",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23409"
            },
            {
              "name": "DSA-1241",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1241"
            },
            {
              "name": "23504",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23504"
            },
            {
              "name": "FEDORA-2007-088",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://fedoranews.org/cms/node/2438"
            },
            {
              "name": "FEDORA-2007-089",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://fedoranews.org/cms/node/2439"
            },
            {
              "name": "RHSA-2007:0022",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
            },
            {
              "name": "23811",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23811"
            },
            {
              "name": "24004",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24004"
            },
            {
              "name": "SUSE-SR:2007:004",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "MDKSA-2006:226",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
            },
            {
              "name": "20070201-01-P",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "24284",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24284"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "ADV-2006-4828",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4828"
            },
            {
              "name": "squirrelmail-mimeheader-xss(30695)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
            },
            {
              "name": "squirrelmail-magichtml-messages-xss(30694)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
            },
            {
              "name": "squirrelmail-webmail-compose-xss(30693)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
            },
            {
              "name": "oval:org.mitre.oval:def:9988",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:31Z",
      "publishedDate": "2006-12-05T11:28Z"
    }
  }
}

CERTA-2007-AVI-340

Vulnerability from certfr_avis - Published: 2007-08-01 - Updated: 2007-08-01

Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

Tags

Avis de sécurité Apple 2007-007 306172 du 30 juillet 2007	None	vendor-advisory
Bulletin de sécurité Apple 2007-007 306172 du 30 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server v10.4.10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4.10 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Mac OS X. Parmi celles-ci :\n\n-   bzip2 : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   CFNetwork : un clic sur une addresse malicieusement form\u00e9e permet\n    l\u0027ex\u00e9cution de commandes FTP arbitraires \u00e0 distance ;\n-   CoreAudio : une page Web malicieusement cr\u00e9\u00e9e permet \u00e0 l\u0027aide d\u0027une\n    applet Java d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance;\n-   cscope : des vuln\u00e9rabilit\u00e9s concernant un d\u00e9passement de m\u00e9moire et\n    la cr\u00e9ation de fichiers temporaires dangereux ont \u00e9t\u00e9 corrig\u00e9es ;\n-   gnuzip : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   iChat : un d\u00e9passement de m\u00e9moire permet de provoquer un d\u00e9ni de\n    service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance au\n    sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   Kerberos : des vuln\u00e9rabilit\u00e9s pouvant provoquer un d\u00e9ni de service\n    ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es ;\n-   mDNSResponder : un d\u00e9passement de m\u00e9moire permet de provoquer un\n    d\u00e9ni de service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance au sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   PDFKit : l\u0027ouverture d\u0027un document malicieusement cr\u00e9\u00e9 permet un\n    d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de code arbitraire ;\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s touchant PHP 4.4.4 ont \u00e9t\u00e9 corrig\u00e9es\n    ;\n-   Quartz Composer : l\u0027ouverture d\u0027un fichier Quartz malicieusement\n    cr\u00e9\u00e9 permet un d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   Samba : lorsque le partage de fichiers Windows est activ\u00e9, un\n    utilisateur non authentifi\u00e9 peut, \u00e0 distance, provoquer un d\u00e9ni de\n    service, ex\u00e9cuter du code ou des commandes arbitraires et contourner\n    la politique de s\u00e9curit\u00e9 ;\n-   SquirrelMail : plusieurs vuln\u00e9rabilit\u00e9s dont au moins une permettant\n    une attaque de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s dont certaines permettant des\n    attaques de type cross-site scripting et l\u0027atteinte \u00e0 la\n    confidentialit\u00e9 des donn\u00e9es ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebCore : des vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution d\u0027applets Java\n    alors que celui-ci est d\u00e9sactiv\u00e9 et permettant la r\u00e9alisation\n    d\u0027attaques de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebKit : l\u0027ouverture d\u0027une page Web malicieusement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2005-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-0758"
    },
    {
      "name": "CVE-2007-2403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2403"
    },
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2407"
    },
    {
      "name": "CVE-2006-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2842"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2409"
    },
    {
      "name": "CVE-2007-2405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2405"
    },
    {
      "name": "CVE-2007-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3944"
    },
    {
      "name": "CVE-2007-1287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1287"
    },
    {
      "name": "CVE-2007-1262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1262"
    },
    {
      "name": "CVE-2007-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2408"
    },
    {
      "name": "CVE-2005-3128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3128"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2446"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1717"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0478"
    },
    {
      "name": "CVE-2006-3174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3174"
    },
    {
      "name": "CVE-2007-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3747"
    },
    {
      "name": "CVE-2007-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2406"
    },
    {
      "name": "CVE-2007-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3748"
    },
    {
      "name": "CVE-2007-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2442"
    },
    {
      "name": "CVE-2007-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3744"
    },
    {
      "name": "CVE-2007-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3745"
    },
    {
      "name": "CVE-2007-1460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1460"
    },
    {
      "name": "CVE-2007-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2410"
    },
    {
      "name": "CVE-2004-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-0996"
    },
    {
      "name": "CVE-2006-6142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6142"
    },
    {
      "name": "CVE-2007-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860"
    },
    {
      "name": "CVE-2007-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2798"
    },
    {
      "name": "CVE-2007-1461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1461"
    },
    {
      "name": "CVE-2007-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3742"
    },
    {
      "name": "CVE-2004-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2541"
    },
    {
      "name": "CVE-2007-2404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2404"
    },
    {
      "name": "CVE-2007-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2447"
    },
    {
      "name": "CVE-2007-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1484"
    },
    {
      "name": "CVE-2006-4019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4019"
    },
    {
      "name": "CVE-2007-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2589"
    },
    {
      "name": "CVE-2007-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2443"
    },
    {
      "name": "CVE-2007-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3746"
    }
  ],
  "initial_release_date": "2007-08-01T00:00:00",
  "last_revision_date": "2007-08-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet    2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    }
  ],
  "reference": "CERTA-2007-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es : elles concernent le\nsyst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation de ces derni\u00e8res peut\navoir des cons\u00e9quences vari\u00e9es, comme l\u0027ex\u00e9cution de code arbitraire, ou\nun dysfonctionnement du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet 2007",
      "url": null
    }
  ]
}

CERTA-2006-AVI-526

Vulnerability from certfr_avis - Published: 2006-12-04 - Updated: 2007-03-26

Deux vulnérabilités dans SquirrelMail permettent à un utilisateur distant de réaliser une attaque de type Cross Site Scripting.

Description

Ces vulnérabilités sont causées par un manque de contrôle sur les arguments retournés à l'utilisateur et par une erreur dans le filtre HTML magicHTML. Les scripts PHP vulnérables, webmail.php et compose.php, sont exécutés depuis les menus draft, compose et mailto. Un utilisateur distant peut exploiter ces vulnérabilités afin d'injecter du code arbitraire depuis le serveur (sain) et l'exécuter dans le contexte du navigateur Internet de l'utilisateur connecté.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toute version de SquirrelMail antérieures à 1.4.9a.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité SquirrelMail du 02 décembre 2006	None	vendor-advisory
Note de changement de version SourceForge 468482 :	-	other
Bulletion de sécurité RedHat RHSA-2007:0022 du 31 janvier 2007 :	-	other
Bulletion de sécurité SuSE SUSE-SR:2007:004 du 16 mars 2007 :	-	other
Bulletion de sécurité Debian DSA-1241 du 25 décembre 2006 :	-	other
Bulletion de sécurité SuSE SUSE-SR:2006:029 du 19 décembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToute version de SquirrelMail ant\u00e9rieures \u00e0 1.4.9a.\u003c/P\u003e",
  "content": "## Description\n\nCes vuln\u00e9rabilit\u00e9s sont caus\u00e9es par un manque de contr\u00f4le sur les\narguments retourn\u00e9s \u00e0 l\u0027utilisateur et par une erreur dans le filtre\nHTML magicHTML. Les scripts PHP vuln\u00e9rables, webmail.php et compose.php,\nsont ex\u00e9cut\u00e9s depuis les menus draft, compose et mailto. Un utilisateur\ndistant peut exploiter ces vuln\u00e9rabilit\u00e9s afin d\u0027injecter du code\narbitraire depuis le serveur (sain) et l\u0027ex\u00e9cuter dans le contexte du\nnavigateur Internet de l\u0027utilisateur connect\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-6142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6142"
    }
  ],
  "initial_release_date": "2006-12-04T00:00:00",
  "last_revision_date": "2007-03-26T00:00:00",
  "links": [
    {
      "title": "Note de changement de version SourceForge 468482 :",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
    },
    {
      "title": "Bulletion de s\u00e9curit\u00e9 RedHat RHSA-2007:0022 du 31 janvier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-002.html"
    },
    {
      "title": "Bulletion de s\u00e9curit\u00e9 SuSE SUSE-SR:2007:004 du 16 mars 2007    :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0005.html"
    },
    {
      "title": "Bulletion de s\u00e9curit\u00e9 Debian DSA-1241 du 25 d\u00e9cembre 2006 :",
      "url": "http://www.debian..org/security/2006/dsa-1241"
    },
    {
      "title": "Bulletion de s\u00e9curit\u00e9 SuSE SUSE-SR:2006:029 du 19 d\u00e9cembre    2006 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0008.html"
    }
  ],
  "reference": "CERTA-2006-AVI-526",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-12-04T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bullentins de s\u00e9curit\u00e9 RedHat, Debian et SuSE.",
      "revision_date": "2007-02-02T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SuSE.",
      "revision_date": "2007-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Attaque de type cross site scripting"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans SquirrelMail permettent \u00e0 un utilisateur\ndistant de r\u00e9aliser une attaque de type Cross Site Scripting.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans SquirrelMail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SquirrelMail du 02 d\u00e9cembre 2006",
      "url": "http://squirrelmail.org/security/issue/2006-12-02"
    }
  ]
}

GHSA-58CJ-JWPM-3HVQ

Vulnerability from github – Published: 2022-05-03 03:16 – Updated: 2022-05-03 03:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-6142"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-12-05T11:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\"",
  "id": "GHSA-58cj-jwpm-3hvq",
  "modified": "2022-05-03T03:16:44Z",
  "published": "2022-05-03T03:16:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6142"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-849"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "type": "WEB",
      "url": "http://fedoranews.org/cms/node/2438"
    },
    {
      "type": "WEB",
      "url": "http://fedoranews.org/cms/node/2439"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23195"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23322"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23504"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23811"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24004"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24284"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017327"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
    },
    {
      "type": "WEB",
      "url": "http://squirrelmail.org/security/issue/2006-12-02"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1241"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21414"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4828"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-6142 (GCVE-0-2006-6142)

FKIE_CVE-2006-6142

GSD-2006-6142

CERTA-2007-AVI-340

Description

Solution

CERTA-2006-AVI-526

Description

Solution

GHSA-58CJ-JWPM-3HVQ

Tags

Sightings

Nomenclature