Lucene search
25 matches found

SUSE CVE
added 2023/02/15 6:20 a.m., 2 views

SUSE CVE-2004-0519

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...

6.8 CVSS, 6.8 AI score, 0.00189 EPSS
Exploits: 1, References: 4
SUSE CVE
added 2023/02/15 6:12 a.m., 1 views

SUSE CVE-2007-2589

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...

5 CVSS, 7.2 AI score, 0.01197 EPSS
Exploits: 1, References: 4
CNVD
added 2020/06/22 12:0 a.m., 8 views

SquirrelMail code issue vulnerability (CNVD-2021-29843)

SquirrelMail is a cross-platform webmail system developed in PHP. A code issue vulnerability exists in the compose.php file in SquirrelMail version 1.4.22. The vulnerability stems from an improper design or implementation during code development for a web system or product...

9.8 CVSS, 7 AI score, 0.00468 EPSS
Exploits: 0, References: 1
CNVD
added 2020/06/22 12:0 a.m., 4 views

SquirrelMail Code Issue Vulnerability

SquirrelMail is a cross-platform webmail system developed in PHP. A code issue vulnerability exists in the compose.php file in SquirrelMail version 1.4.22. The vulnerability stems from an improper design or implementation during code development for a web system or product...

8.8 CVSS, 7 AI score, 0.00657 EPSS
Exploits: 0, References: 1
OSV
added 2020/06/20 1:15 p.m., 1 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 1
OSV
added 2020/06/20 1:15 p.m., 1 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 1
UbuntuCve
added 2020/06/20 1:15 p.m., 29 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8 CVSS, 7.2 AI score, 0.00468 EPSS
Exploits: 0, References: 2
exploitpack
added 2017/02/09 12:0 a.m., 15 views

Fome SMS Portal 2.0 - SQL Injection

Fome SMS Portal 2.0 - SQL Injection Exploit Title: Fome SMS Portal Advanced - Bulk SMS Reseller v2.0 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

0.3 AI score
Exploits: 0
RedhatCVE
added 2015/10/30 9:56 a.m., 18 views

CVE-2002-1648

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified sendto and subject parameters...

7.5 CVSS, 7.5 AI score, 0.01268 EPSS
Exploits: 1, References: 2
Prion
added 2007/12/10 6:46 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter...

4.3 CVSS, 6.2 AI score, 0.05514 EPSS
Exploits: 0, References: 6, Affected Software: 1
Packet Storm
added 2007/12/08 12:0 a.m., 25 views

onl25-xss.txt

Software: OpenNewsletter Homepage: http://www.selfexile.com/projects/opennewsletter Affected version: v2.5 and below Overview: OpenNewsletter is a free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Attack: A non-existent sanitization when parsing the PHP valu...

7.4 AI score
Exploits: 0
securityvulns
added 2007/12/07 12:0 a.m., 36 views

[XSS] OpenNewsletter v2.5 Multipe XSS Attacks

Software: OpenNewsletter Homepage: http://www.selfexile.com/projects/opennewsletter Affected version: v2.5 and below Overview: OpenNewsletter is a free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Attack: A non-existent sanitization when parsing the PHP valu...

1.3 AI score
Exploits: 0
UbuntuCve
added 2007/05/11 4:20 a.m., 20 views

CVE-2007-2589

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...

5 CVSS, 6.1 AI score, 0.01197 EPSS
Exploits: 1, References: 1
CVE
added 2007/05/11 3:55 a.m., 60 views

CVE-2007-2589

CVE-2007-2589 : A CSRF vulnerability in SquirrelMail 1.4.0–1.4.9a (compose.php) lets an attacker induce actions (sending mail) from an arbitrary user via data in an IMG SRC attribute. This is described across multiple advisories (RHSA-2007:0358, CentOS/RHSA backport, openSUSE/SUSE ESP). The CVSS ...

5 CVSS, 6.6 AI score, 0.01197 EPSS
Exploits: 1, References: 16, Affected Software: 1
seebug.org
added 2006/12/10 12:0 a.m., 44 views

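SquirrelMail Compose.PHP Information Disclosure and Data Modification Vulnerability

SquirrelMail is a PHP-based webmail service program. SquirrelMail does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to obtain sensitive information or overwrite system files. An authenticated user can use the compose.php script to overwrite arbitrary variables, which may lead to reading or overwriting user preference files or attachments. SquirrelMail SquirrelMail 1.4.7 SquirrelMail SquirrelMail 1.4.6 -rc1 SquirrelMail SquirrelMail 1.4.6 -cvs SquirrelMail SquirrelMail 1.4.6 SquirrelMail...

7 AI score
Exploits: 0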
UbuntuCve
added 2006/12/05 11:28 a.m., 27 views

CVE-2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a...

6.8 CVSS, 6 AI score, 0.11286 EPSS
Exploits: 1, References: 1
CVE
added 2006/12/05 11:0 a.m., 97 views

CVE-2006-6142

CVE-2006-6142 covers multiple XSS vulnerabilities in SquirrelMail 1.4.0–1.4.9. Vulnerabilities include injection of arbitrary web script/HTML via the mailto parameter in webmail.php, the session and delete_draft parameters in compose.php, and additional vectors related to a flaw in the magicHTML ...

6.8 CVSS, 5.5 AI score, 0.11286 EPSS
Exploits: 1, References: 30, Affected Software: 1
Tenable Nessus
added 2006/08/17 12:0 a.m., 34 views

SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting

The installed version of SquirrelMail allows for restoring expired sessions in an unsafe manner. Using a specially crafted expired session and compose.php, a user can leverage this issue to take control of arbitrary variables used by the affected application, which can lead to other attacks again...

6.4 CVSS, 5.6 AI score, 0.28114 EPSS
Exploits: 4, References: 4
securityvulns
added 2006/08/14 12:0 a.m., 35 views

SquirrelMail WebMail unauthorized access

By changing internal compose.php variables it's possible to access files of settings of different users...

5.1 AI score
Exploits: 0, References: 1, Affected Software: 1
UbuntuCve
added 2006/08/11 9:4 p.m., 20 views

CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...

6.4 CVSS, 6.1 AI score, 0.28114 EPSS
Exploits: 4, References: 1