oss-sec mailing list archives
CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 12 May 2009 09:43:36 +0200
From squirrelmail.org: The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.18. The most notable changes for this version are several security fixes, including a couple XSS exploits, a session fixation issue, and an obscure but dangerous server-side code execution hole. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher http://tinyurl.com/dceu73 - Internetzensur stoppen! http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck (May 12)