Vulnerabilities > CVE-2007-3636 - Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

squirrelmail

exploit available

NVD

Published: 2007-07-10

Updated: 2008-11-15

Summary

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.

Vulnerable Configurations

Part	Description	Count
Application	Squirrelmail Squirrelmail GPG Plugin 2.0 Squirrelmail Squirrelmail 1.4.10A	2

Exploit-Db

description	SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 Multiple Unspecified Remote Command Execution Vulnerabilities. CVE-2007-3636. Webapps exploit for php platform
id	EDB-ID:30283
last seen	2016-02-03
modified	2007-07-09
published	2007-07-09
reporter	Stefan Esser
source	https://www.exploit-db.com/download/30283/
title	SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities

Statements

contributor	Mark J Cox
lastmodified	2007-07-10
organization	Red Hat
statement	Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.

Summary

Vulnerable Configurations

Exploit-Db

Statements

References