SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

Frame content changing in webmail.php

Date:
2005-01-19
Description:
Insufficient checking of incoming URL vars allowed for an attacker to include arbitrary remote web pages in the SquirrelMail frameset.
Affected Versions:
<= 1.4.4-RC1
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2005-0103
Patch:
view patch
Credits:
Thanks to Manoel Zaninetti for notifying us about this issue.
This page last updated:
2007-07-03 13:00:04
© 1999-2010 by The SquirrelMail Project Team