CVE-2006-4019

NameCVE-2006-4019
DescriptionDynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1154
NVD severitymedium (attack range: remote)
Debian Bugs382621

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
squirrelmail (PTS)jessie (security), jessie2:1.4.23~svn20120406-2+deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
squirrelmailsource(unstable)2:1.4.8-1medium382621
squirrelmailsourcesarge2:1.4.4-9mediumDSA-1154

Search for package or bug name: Reporting problems