Unrated severity · NVD Advisory · Published Aug 11, 2006 · Updated Apr 16, 2026
CVE-2006-4019
Description
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
Affected products
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/21354 (nvd; Patch, Vendor Advisory)
- www.squirrelmail.org/patches/sqm1.4.7-expired-post-fix-full.patch (nvd; Patch)
- www.squirrelmail.org/security/issue/2006-08-11 (nvd; Patch)
- patches.sgi.com/support/free/security/advisories/20061001-01-P.asc (nvd)
- attrition.org/pipermail/vim/2006-August/000970.html (nvd)
- docs.info.apple.com/article.html (nvd)
- lists.apple.com/archives/security-announce//2007/Jul/msg00004.html (nvd)
- marc.info (nvd)
- secunia.com/advisories/21444 (nvd)
- secunia.com/advisories/21586 (nvd)
- secunia.com/advisories/22080 (nvd)
- secunia.com/advisories/22104 (nvd)
- secunia.com/advisories/22487 (nvd)
- secunia.com/advisories/26235 (nvd)
- securitytracker.com/id (nvd)
- www.debian.org/security/2006/dsa-1154 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.novell.com/linux/security/advisories/2006_23_sr.html (nvd)
- www.osvdb.org/27917 (nvd)
- www.redhat.com/support/errata/RHSA-2006-0668.html (nvd)
- www.securityfocus.com/archive/1/442980/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/442993/100/0/threaded (nvd)
- www.securityfocus.com/bid/19486 (nvd)
- www.securityfocus.com/bid/25159 (nvd)
- www.vupen.com/english/advisories/2006/3271 (nvd)
- www.vupen.com/english/advisories/2007/2732 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/28365 (nvd)
- issues.rpath.com/browse/RPL-577 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11533 (nvd)