CSRF through HTML message in squirrelmail
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...
php imap_mail_compose() buffer overflow via type.parameters
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3...
security flaw
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...
Three XSS issues in SquirrelMail
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) deletedraft parameters in (b) compose.php, and (4) unspecified vectors involving "a...
Debian DSA-1241-1 : squirrelmail - XSS
Martijn Brinkers discovered cross-site scripting vulnerabilities in the mailto parameter of webmail.php, the session and deletedraft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail...
security flaw
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...
[SECURITY] [DSA 1154-1] New squirrelmail packages fix information disclosure
Debian Security Advisory DSA 1154-1 http://www.debian.org/security/ Moritz Muehlenhoff August 20th, 2006 http://www.debian.org/security/faq ...
DSA-1154 squirrelmail - variable overwriting
Bulletin has no description...
CVE-2006-3564
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the datato parameter to c...
CVE-2004-2585
The CVE-2004-2585 entry affects SmarterTools SmarterMail 1.6.1511 and 1.6.1529, where the XSS flaw occurs in frmCompose.aspx, allowing remote attackers to inject arbitrary script/HTML via Javascript in the compose area's “check spelling” feature. The vulnerability arises from how user-supplied in...
CVE-2002-1710
BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...
CVE-2004-1498
CVE-2004-1498 describes a SQL injection in the compose message form of HELM up to version 3.1.19, exploitable via the messageToUserAccNum parameter. The issue allows remote attackers to run arbitrary SQL commands. Affected: HELM 3.1.19 and earlier (HELM frontend/compose logic). Root cause: unsafe...
security flaw
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...