Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Vulnerability Assessment Details
SquirrelMail < 1.4.4 XSS Vulnerabilities
Checks for Three XSS Vulnerabilities in SquirrelMail < 1.4.4

Detailed Explanation for this Vulnerability Assessment

The target is running at least one instance of SquirrelMail whose version number suggests it is vulnerable to one or more cross-site scripting vulnerabilities:

- Insufficient escaping of integer variables in webmail.php permits a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1).
- Insufficient checking of incoming URL vars in webmail.php permits an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1).
- A recent change in prefs.php permits an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP's register_globals setting is enabled (affects 1.4.3-RC1 - 1.4.4-RC1).

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of SquirrelMail
***** installed there.

Solution: Upgrade to SquirrelMail 1.4.4 or later.

Network Security Threat Level: Medium

Networks Security ID: 12337

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 George A. Theall