Lucene search
K

29 matches found

NVD
NVD
added 2026/07/01 7:16 p.m.9 views

CVE-2026-58451

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS0.00379EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 7:16 p.m.4 views

UBUNTU-CVE-2026-58451

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 6:16 p.m.23 views

CVE-2026-58451

CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54913

Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.6 views

SUSE CVE-2004-0519

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...

6.8CVSS6.8AI score0.22528EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-2589

Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...

5CVSS7.2AI score0.01374EPSS
Exploits1References4
CNVD
CNVD
added 2020/06/22 12:0 a.m.6 views

SquirrelMail Code Issue Vulnerability

SquirrelMail is a set of PHP language development , cross-platform Webmail mail system . A code issue vulnerability exists in the compose.php file in SquirrelMail version 1.4.22. The vulnerability stems from an improper design or implementation during code development for a web system or product...

8.8CVSS7AI score0.01415EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/22 12:0 a.m.9 views

SquirrelMail code issue vulnerability (CNVD-2021-29843)

SquirrelMail is a set of PHP language development , cross-platform Webmail mail system . A code issue vulnerability exists in the compose.php file in SquirrelMail version 1.4.22. The vulnerability stems from an improper design or implementation during code development for a web system or product...

9.8CVSS7AI score0.01431EPSS
Exploits0References1
OSV
OSV
added 2020/06/20 1:15 p.m.5 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8CVSS5.8AI score0.01431EPSS
Exploits0References1
OSV
OSV
added 2020/06/20 1:15 p.m.4 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...

8.8CVSS7.3AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/06/20 1:15 p.m.33 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8CVSS7.2AI score0.01431EPSS
Exploits0References2
exploitpack
exploitpack
added 2017/02/09 12:0 a.m.19 views

Fome SMS Portal 2.0 - SQL Injection

Fome SMS Portal 2.0 - SQL Injection Exploit Title: Fome SMS Portal Advanced - Bulk SMS Reseller v2.0 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

0.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 9:56 a.m.23 views

CVE-2002-1648

Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified sendto and subject parameters...

7.5CVSS7.5AI score0.03437EPSS
Exploits1References2
Prion
Prion
added 2007/12/10 6:46 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter...

4.3CVSS6.2AI score0.0173EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2007/12/08 12:0 a.m.27 views

onl25-xss.txt

Software: OpenNewsletter Homepage: http://www.selfexile.com/projects/opennewsletter Affected version: v2.5 and below Overview: OpenNewsletter si a free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Attack: A non-existant sanitization when parsing the PHP valu...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/07 12:0 a.m.39 views

[XSS] OpenNewsletter v2.5 Multipe XSS Attacks

Software: OpenNewsletter Homepage: http://www.selfexile.com/projects/opennewsletter Affected version: v2.5 and below Overview: OpenNewsletter si a free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Attack: A non-existant sanitization when parsing the PHP valu...

1.3AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/05/11 4:20 a.m.22 views

CVE-2007-2589

Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...

5CVSS6.1AI score0.01374EPSS
Exploits1References1
CVE
CVE
added 2007/05/11 3:55 a.m.66 views

CVE-2007-2589

CVE-2007-2589 : A CSRF vulnerability in SquirrelMail 1.4.0–1.4.9a (compose.php) lets an attacker induce actions (sending mail) from an arbitrary user via data in an IMG SRC attribute. This is described across multiple advisories (RHSA-2007:0358, CentOS/RHSA backport, openSUSE/SUSE ESP). The CVSS ...

5CVSS6.6AI score0.01374EPSS
Exploits1References16Affected Software1
seebug.org
seebug.org
added 2006/12/10 12:0 a.m.48 views

SquirrelMail Compose.PHP信息泄露和数据修改漏洞

SquirrelMail是一款基于PHP的WEB MAIL服务程序。 SquirrelMail不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞获得敏感信息或覆盖系统文件。 验证用户可以使用compose.php脚本覆盖随计变量,可能导致读取或覆盖用户参考文件或附件。 SquirrelMail SquirrelMail 1.4.7 SquirrelMail SquirrelMail 1.4.6 -rc1 SquirrelMail SquirrelMail 1.4.6 -cvs SquirrelMail SquirrelMail 1.4.6 SquirrelMail...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2006/12/05 11:28 a.m.31 views

CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

6.8CVSS6AI score0.01986EPSS
Exploits1References1
Rows per page
Query Builder