Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0521

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0521
Last Modified 21 Aug 2010 12:20:41
Published 18 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0521

Summary

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

Vulnerable Systems

Application

  • Sgi Propack 3.0

  • Squirrelmail 1.0.4

  • Squirrelmail 1.0.5

  • Squirrelmail 1.2.0

  • Squirrelmail 1.2.1

  • Squirrelmail 1.2.10

  • Squirrelmail 1.2.11

  • Squirrelmail 1.2.2

  • Squirrelmail 1.2.3

  • Squirrelmail 1.2.4

  • Squirrelmail 1.2.5

  • Squirrelmail 1.2.6

  • Squirrelmail 1.2.7

  • Squirrelmail 1.2.8

  • Squirrelmail 1.2.9

  • Squirrelmail 1.4

  • Squirrelmail 1.4.1

  • Squirrelmail 1.4.2


References

BID - 10397

FEDORA - FEDORA-2004-1733

DEBIAN - DSA-535

GENTOO - GLSA-200405-16

REDHAT - RHSA-2004:240

MLIST - [squirrelmail-cvs] 20040427 [SM-CVS] CVS: squirrelmail/functions abook_database.php,1.15.2.1,1.15.2.2

SGI - 20040604-01-U

XF - squirrelmail-sql-injection(16235)

APPLE - APPLE-SA-2004-09-07

FEDORA - FEDORA-2004-160

OSVDB - 6841

CIAC - O-212

SECUNIA - 12289

SECUNIA - 11870

SECUNIA - 11686

SECUNIA - 11685

MLIST - [squirrelmail-devel] 20040511 [SM-DEVEL] SquirrelMail 1.4.3-RC1 Release

CONECTIVA - CLA-2004:858


Last Updated: 27 May 2016 10:38:38