Lucene search
+L

1281 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.30 views

RHEL 5 : squirrelmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squirrelmail: Insufficient escaping of user-supplied data CVE-2017-7692 - SquirrelMail: Directory travers...

8.8CVSS6.7AI score0.32156EPSS
Exploits13References8
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 4 : squirrelmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103 CVE-2012-2124 Note that Nessus has not tested for this issu...

5CVSS6.5AI score0.04048EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.28 views

RHEL 3 : squirrelmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports CVE-2010-1637 -...

6.5CVSS7AI score0.04048EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.30 views

RHEL 5 : squirrelmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squirrelmail: Insufficient escaping of user-supplied data CVE-2017-7692 - squirrelmail: use of unserializ...

7.2AI score0.32156EPSS
Exploits15References11
Openbugbounty
Openbugbounty
added 2024/01/23 4:11 p.m.14 views

squirrelmail.nerdclub.net Cross Site Scripting vulnerability OBB-3841299

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.7 views

SUSE CVE-2004-0519

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...

6.8CVSS6.8AI score0.22528EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.6 views

SUSE CVE-2004-0520

Cross-site scripting XSS vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using readbody.php...

6.8CVSS6.2AI score0.07134EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.4 views

SUSE CVE-2004-1036

Cross-site scripting XSS vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML...

6.8CVSS6.5AI score0.02818EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.4 views

SUSE CVE-2005-0075

prefs.php in SquirrelMail before 1.4.4, with registerglobals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...

5CVSS7AI score0.01676EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.4 views

SUSE CVE-2005-0104

Cross-site scripting XSS vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables...

4.3CVSS6AI score0.01837EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.3 views

SUSE CVE-2005-0103

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code...

7.5CVSS7.8AI score0.02342EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.2 views

SUSE CVE-2005-1769

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in 1 the URL or 2 an e-mail message...

4.3CVSS6AI score0.0183EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.7 views

SUSE CVE-2005-1924

The G/PGP GPG Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the fpr parameter to the deleteKey function in gpgkeyring.php, as called by a importkeyfile.php, b importkeytext.php, and c keyringmain.php; and 2 the...

9.3CVSS7.6AI score0.10263EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.2 views

SUSE CVE-2005-2095

optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...

4.3CVSS6.5AI score0.04242EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...

4.3CVSS6.2AI score0.02034EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the rightframe parameter. NOTE: this has been called a cross-site scripting XSS issue, but it is different than what is normally identified as XSS...

4.3CVSS6.1AI score0.02002EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.8 views

SUSE CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimapmailboxselect command, aka "IMAP injection."...

5CVSS7.7AI score0.02296EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.4 views

SUSE CVE-2006-2842

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by...

7.5CVSS7.7AI score0.44016EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.8 views

SUSE CVE-2006-3665

SquirrelMail 1.4.6 and earlier, with registerglobals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this...

4.3CVSS6.8AI score0.01177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.3 views

SUSE CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...

6.4CVSS7.1AI score0.09798EPSS
Exploits4References4
Rows per page
Query Builder