New Search

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable which allows remote attackers to modify or read the preferences of other users conduct cross-site scripting XSS) attacks and write arbitrary files.

oval:org.mitre.oval:def:10500

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable which allows remote attackers to modify or read the preferences of other users conduct cross-site scripting XSS) attacks and write arbitrary files.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2005-2095
Product(s):