CVE-2007-3634
Published 2007-07-10
Priority: P4 · 30 · medium · 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.62% (73.0th percentile)
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| squirrelmail | gpg_plugin | — | — |
| squirrelmail | squirrelmail | — | — |
CVSS provenance
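| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 9.3 | CRITICAL | — |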
Red Hat
CVE-2007-3635 [CRITICAL]: Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2
vendor_redhat · CVSS 9.3
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
Statement: Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.
Red Hat
CVE-2007-3634 [MEDIUM]: Unspecified vulnerability in the G/PGP (GPG) Plugin 2
vendor_redhat · CVSS 6.5
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Statement: Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.
GHSA
GHSA-qxqw-pch2-xr57 (CVE-2007-3635) [CRITICAL]: Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2
ghsa_unreviewed · 2022-05-01 · CVSS 9.3
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
GHSA
GHSA-884p-rv7w-x8h6 (CVE-2007-3634) [MEDIUM]: Unspecified vulnerability in the G/PGP (GPG) Plugin 2
ghsa_unreviewed · 2022-05-01
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
No detection rules found.
No writeups or analysis indexed.
References
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html
http://lists.immunitysec.com/pipermail/dailydave/2007-July/004453.html
http://osvdb.org/45788
http://www.attrition.org/pipermail/vim/2007-July/001703.html
http://www.securityfocus.com/bid/24782
http://www.wslabi.com/wabisabilabi/initPublishedBid.do?