CVE-2009-2964 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier and NaSMail before 1.7 allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
http://download.gna.org/nasmail/nasmail-1.7.zip
http://jvn.jp/en/jp/JVN30881447/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://osvdb.org/60469
http://secunia.com/advisories/34627
http://secunia.com/advisories/36363
http://secunia.com/advisories/37415
http://secunia.com/advisories/40220
http://secunia.com/advisories/40964
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818
http://support.apple.com/kb/HT4188
http://www.debian.org/security/2010/dsa-2091
http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
http://www.osvdb.org/57001
http://www.securityfocus.com/bid/36196
http://www.squirrelmail.org/security/issue/2009-08-12
http://www.vupen.com/english/advisories/2009/2262
http://www.vupen.com/english/advisories/2009/3315
http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2010/2080
https://bugzilla.redhat.com/show_bug.cgi?id=517312
https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
https://gna.org/forum/forum.php?forum_id=2146
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10668
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html
