Re: Squirrel Mail 1.2.7 XSS Exploit

From: Jason Munro (jasonat_private)
Date: Thu Sep 19 2002 - 14:51:09 PDT

Next message: Alex Gantman: "More vulnerabilities (Re: Security side-effects of Word fields)"

Previous message: secureat_private: "[CLA-2002:524] Conectiva Linux Security Announcement - postgresql"
In reply to: DarC KonQuesT: "Squirrel Mail 1.2.7 XSS Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

DarC KonQuesT said:
> ****Sorry if you receive two of these.****
>
> DarC KonQuesT XSS Release-
>
> Product: Squirrel Mail 1.2.7 - released June 21, 2002 (tested, others
> possibly vulnerable)
> Vendor: Squirrel Mail - Web: www.squirrelmail.org
> Problem: Cross Site Scripting
> Severity: Moderate
> Operating System(s): Tested against Red Hat 7.3, all others vulnerable
> if they are using this version of Squirrel.

Mr KonQuesT,
  All the listed exploits have been fixed in the recently released 1.2.8
version of SquirrelMail. These fixes have also been applied to the
current development and stable CVS, 1.3.2 and 1.2.9 respectively.


 \___ Jason Munro
  \___ AIM:jmunr0
   \__ jasonat_private
    \__ http://www.sunflower.com/~jmunro/

Next message: Alex Gantman: "More vulnerabilities (Re: Security side-effects of Word fields)"
Previous message: secureat_private: "[CLA-2002:524] Conectiva Linux Security Announcement - postgresql"
In reply to: DarC KonQuesT: "Squirrel Mail 1.2.7 XSS Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 19 2002 - 17:21:11 PDT