Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3174

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3174
Last Modified 07 Mar 2011 09:37:59
Published 22 Jun 2006 08:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3174

Summary

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

Vulnerable Systems

Application

  • Squirrelmail 1.5.1


References

XF - squirrelmail-search-xss(26941)

VUPEN - ADV-2007-2732

BID - 18700

OSVDB - 26610

BID - 25159

MANDRIVA - MDKSA-2006:147

SECUNIA - 26235

MISC - http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html

APPLE - APPLE-SA-2007-07-31

CONFIRM - http://docs.info.apple.com/article.html?artnum=306172

Related Patches

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server Universal) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Universal) (Rev 2)


Last Updated: 27 May 2016 10:42:54