Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2005-1924

EPSS 9.57% · P93
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2005-1924

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
SquirrelMail G/PGP加密插件多个远程命令执行漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SquirrelMail是一个多功能的用PHP4实现的Webmail程序,可运行于Linux/Unix类操作系统下。 SquirrelMail的实现上存在多个输入验证漏洞,远程攻击者可能利用这些漏洞在服务器上执行任意命令。SquirrelMail中的G/PGP加密插件没有正确地过滤所包含的某些文件,gpg_help.php和gpg_help_base.php文件中可能包含有通过""help"" HTTP GET请求参数所提供的本地文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2005-1924

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2005-1924

Please Login to view more intelligence information

Same Patch Batch · n/a · 2007-07-15 · 44 CVEs total

CVE-2007-2392Apple QuickTime内存破坏漏洞
CVE-2007-2396Apple QuickTime 任意代码执行安全漏洞
CVE-2007-2394Apple QuickTime 整数溢出漏洞
CVE-2007-2397Apple QuickTime远程任意代码执行漏洞
CVE-2007-3645FreeBSD libarchive畸形文档处理拒绝服务漏洞
CVE-2007-3673Symantec AntiVirus symtdi.sys驱动本地权限提升漏洞
CVE-2007-3768SurgeFTP PASV指令拒绝服务漏洞
CVE-2007-3769SurgeFTP 跨站脚本漏洞
CVE-2007-3770Xfce-Terminal远程命令注入漏洞
CVE-2007-2417Progress Software Progress和OpenEdge 缓冲区错误漏洞
CVE-2007-2393Apple QuickTime 安全机制绕过漏洞
CVE-2006-5277Cisco Unified Communications Manager单字节溢出漏洞
CVE-2007-3783enVivo!CMS default.asp SQL注入漏洞
CVE-2007-3782MySQL 权限许可漏洞
CVE-2007-3781MySQL访问验证漏洞
CVE-2007-3780MySQL 验证报文畸形口令拒绝服务漏洞
CVE-2007-3779Squirrelmail G/PGP (GPG) gpg_pop_init.php远程执行漏洞
CVE-2007-3778Squirrelmail G/PGP (GPG) Plugin gpg_hook_functions.php远程执行漏洞
CVE-2007-3777AVG Anti-Virus 本地特权提升漏洞
CVE-2007-3776Cisco Unified Communications Manager及Presence Server非授权访问敏感信息泄露漏洞

Showing top 20 of 44 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2005-1924

No comments yet

Leave a comment