CVE

Id
18946  
CVE No.
CVE-2006-2842  
Status
Candidate  
Description
** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.  
Phase
Assigned (20060605)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
167532 18946 CVE-2006-2842 BUGTRAQ:20060601 Squirrelmail local file inclusion  View
167533 18946 CVE-2006-2842 URL:http://www.securityfocus.com/archive/1/archive/1/435605/100/0/threaded  View
167534 18946 CVE-2006-2842 CONFIRM:http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE  View
167535 18946 CVE-2006-2842 CONFIRM:http://www.squirrelmail.org/security/issue/2006-06-01  View
167536 18946 CVE-2006-2842 CONFIRM:http://docs.info.apple.com/article.html?artnum=306172  View
167537 18946 CVE-2006-2842 APPLE:APPLE-SA-2007-07-31  View
167538 18946 CVE-2006-2842 URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html  View
167539 18946 CVE-2006-2842 MANDRIVA:MDKSA-2006:101  View
167540 18946 CVE-2006-2842 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:101  View
167541 18946 CVE-2006-2842 REDHAT:RHSA-2006:0547  View
167542 18946 CVE-2006-2842 URL:http://www.redhat.com/support/errata/RHSA-2006-0547.html  View
167543 18946 CVE-2006-2842 SGI:20060703-01-P  View
167544 18946 CVE-2006-2842 URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc  View
167545 18946 CVE-2006-2842 SUSE:SUSE-SR:2006:017  View
167546 18946 CVE-2006-2842 URL:http://www.novell.com/linux/security/advisories/2006_17_sr.html  View
167547 18946 CVE-2006-2842 BID:18231  View
167548 18946 CVE-2006-2842 URL:http://www.securityfocus.com/bid/18231  View
167549 18946 CVE-2006-2842 BID:25159  View
167550 18946 CVE-2006-2842 URL:http://www.securityfocus.com/bid/25159  View
167551 18946 CVE-2006-2842 OVAL:oval:org.mitre.oval:def:11670  View
167552 18946 CVE-2006-2842 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11670  View
167553 18946 CVE-2006-2842 VUPEN:ADV-2006-2101  View
167554 18946 CVE-2006-2842 URL:http://www.vupen.com/english/advisories/2006/2101  View
167555 18946 CVE-2006-2842 VUPEN:ADV-2007-2732  View
167556 18946 CVE-2006-2842 URL:http://www.vupen.com/english/advisories/2007/2732  View
167557 18946 CVE-2006-2842 SECTRACK:1016209  View
167558 18946 CVE-2006-2842 URL:http://securitytracker.com/id?1016209  View
167559 18946 CVE-2006-2842 SECUNIA:20406  View
167560 18946 CVE-2006-2842 URL:http://secunia.com/advisories/20406  View
167561 18946 CVE-2006-2842 SECUNIA:20931  View
167562 18946 CVE-2006-2842 URL:http://secunia.com/advisories/20931  View
167563 18946 CVE-2006-2842 SECUNIA:21159  View
167564 18946 CVE-2006-2842 URL:http://secunia.com/advisories/21159  View
167565 18946 CVE-2006-2842 SECUNIA:21262  View
167566 18946 CVE-2006-2842 URL:http://secunia.com/advisories/21262  View
167567 18946 CVE-2006-2842 SECUNIA:26235  View

Related JVN