|
|
Log in / Subscribe / Register

squirrelmail: cross-site request forgery

Package(s):squirrelmail CVE #(s):CVE-2009-2964
Created:August 31, 2009 Updated:August 13, 2010
Description:

From the Mandriva advisory:

All form submissions (send message, change preferences, etc.) in SquirrelMail were previously subject to cross-site request forgery (CSRF), wherein data could be sent to them from an offsite location, which could allow an attacker to inject malicious content into user preferences or possibly send emails without user consent (CVE-2009-2964).

Alerts:
Debian DSA-2091-1 squirrelmail 2010-08-12
Mandriva MDVSA-2009:222 squirrelmail 2009-08-28
CentOS CESA-2009:1490 squirrelmail 2009-10-08
Red Hat RHSA-2009:1490-01 squirrelmail 2009-10-08
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds