Vulnerability Details : CVE-2006-4019
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
Products affected by CVE-2006-4019
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4019
- EPSS score: 33.24% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-4019
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
References for CVE-2006-4019
- http://www.securityfocus.com/archive/1/442993/100/0/threaded
- http://www.securityfocus.com/archive/1/442980/100/0/threaded
- http://docs.info.apple.com/article.html?artnum=306172
- http://www.securityfocus.com/bid/25159
- http://marc.info/?l=full-disclosure&m=115532449024178&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28365
- http://www.securityfocus.com/bid/19486
- http://www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch (Patch)
- http://www.debian.org/security/2006/dsa-1154
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.squirrelmail.org/security/issue/2006-08-11 (Patch)
- http://attrition.org/pipermail/vim/2006-August/000970.html
- https://issues.rpath.com/browse/RPL-577
- http://www.vupen.com/english/advisories/2006/3271
- http://www.vupen.com/english/advisories/2007/2732
- http://www.redhat.com/support/errata/RHSA-2006-0668.html
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://securitytracker.com/id?1016689