CVE-2005-2095

Published: Jul 13, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Affected (22)

Products: Squirrelmail: Squirrelmail

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	Version 1.0.4
Squirrelmail Squirrelmail	Version 1.0.5
Squirrelmail Squirrelmail	Version 1.2.0
Squirrelmail Squirrelmail	Version 1.2.10
Squirrelmail Squirrelmail	Version 1.2.11
Squirrelmail Squirrelmail	Version 1.2.1
Squirrelmail Squirrelmail	Version 1.2.2
Squirrelmail Squirrelmail	Version 1.2.3
Squirrelmail Squirrelmail	Version 1.2.4
Squirrelmail Squirrelmail	Version 1.2.5
Squirrelmail Squirrelmail	Version 1.2.6
Squirrelmail Squirrelmail	Version 1.2.7
Squirrelmail Squirrelmail	Version 1.2.8
Squirrelmail Squirrelmail	Version 1.2.9
Squirrelmail Squirrelmail	Version 1.4.0
Squirrelmail Squirrelmail	Version 1.4.1
Squirrelmail Squirrelmail	Version 1.4.2
Squirrelmail Squirrelmail	Version 1.4.3
Squirrelmail Squirrelmail	Version 1.4.3_rc1
Squirrelmail Squirrelmail	Version 1.4.3a
Squirrelmail Squirrelmail	Version 1.44
Squirrelmail Squirrelmail	Version 1.4

References (26)

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-756

Source: secalert@redhat.com

PatchVendor Advisory

http://www.gulftech.org/?node=research&article_id=00090-07142005

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2005-595.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/405200

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/405202

Source: secalert@redhat.com

http://www.securityfocus.com/bid/14254

Source: secalert@redhat.com

http://www.squirrelmail.org/security/issue/2005-07-13

Source: secalert@redhat.com

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/21359

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2005/dsa-756

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.gulftech.org/?node=research&article_id=00090-07142005

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-595.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/405200

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/405202

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/14254

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.squirrelmail.org/security/issue/2005-07-13

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/21359

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10500

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.