The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://www.squirrelmail.org/security/issue/2005-01-14 http://www.squirrelmail.org/security/issue/2005-01-19 http://www.squirrelmail.org/security/issue/2005-01-20 http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662 http://www.vuxml.org/freebsd/79630c0c-8dcc-45d0-9908-4087fe1d618c.html

The following packages are affected: squirrelmail ja-squirrelmail CVE-2004-1036 Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. CVE-2005-0075 prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. CVE-2005-0103 PHP remote code injection vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. CVE-2005-0104 Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.