SquirrelMail versions 1.4.3a and below suffer from a cross-site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but does not sanitize the decoded strings.
7e8ba7c0955736c617724cfb48418a3e21a671ca561f31c735c783a6d3f15e45
Pine Digital Security Advisory PINE-CERT-20040201 - The shmat(2) function has a flaw that allows local users to achieve escalated privileges. Vulnerable systems: FreeBSD versions 2.2.0 and greater, NetBSD versions 1.3 and greater, and OpenBSD versions 2.6 and greater.
a574248c2ca40bfc4b92b9ac9a645d17d7ca2b2477dbce0dd28b3dd3e9b6ce84
FreeBSD Security Advisory FreeBSD-SA-03:17.procfs - A malicious local user could arrange to use a negative or extremely large offset when reading from a procfs "file", causing a system crash, or causing the kernel to return a large portion of kernel memory.
95e6035f8a0720cdbb5f1dc7e6f3eaec332fcab7abca4a91304f917dc8a2abd8
Pine Digital Security Advisory PINE-CERT-20030902 - An integer overflow condition in all versions of FreeBSD could lead to disclosure of kernel memory.
19e199ebba5f002b2f5b355c5a5d6960f5ecfe97e20fc885c026a346d1f05c8f
Pine Digital Security Advisory PINE-CERT-20030901 - An integer overflow condition that is exploitable under FreeBSD versions 4.3 to present allows for a denial of service and/or privilege escalation.
f754c8aed03b7474ca466d0f22cdec167687afafce591d4700b55c4268ac9b84
FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc - A programming error in the readv system call can result in the given file descriptor's reference count being erroneously incremented. A local attacker may cause the operating system to crash by repeatedly calling readv on a file descriptor until the reference count wraps to a negative value, and then calling close on that file descriptor. Similarly, it may be possible to cause a file descriptor to reference unallocated kernel memory, but remain valid. If a new file is later opened and the kernel allocates the new file structure at the same memory location, then an attacker may be able to gain read or write access to that file. This may in turn lead to privilege escalation. This affects releases 4.3-RELEASE through 4.8-RELEASE.
d77bc848ba499127eb6972feeba3dbe40a919dde740117b4638758fd937de5da
Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.
6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
An off-by-one overflow has been discovered in the channel code of OpenSSH versions 2.0 - 3.0.2. Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. Fix available here.
f862fbf462b1a8965de529058ff2c189f2e7ad5ad9d1c0dde44d02b7424b0163