29 matches found
CVE-2026-58451
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...
UBUNTU-CVE-2026-58451
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...
CVE-2026-58451
CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...
PT-2026-54913
Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...
SUSE CVE-2004-0519
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...
SUSE CVE-2007-2589
Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...
SquirrelMail Code Issue Vulnerability
SquirrelMail is a set of PHP language development , cross-platform Webmail mail system . A code issue vulnerability exists in the compose.php file in SquirrelMail version 1.4.22. The vulnerability stems from an improper design or implementation during code development for a web system or product...
SquirrelMail code issue vulnerability (CNVD-2021-29843)
SquirrelMail is a set of PHP language development , cross-platform Webmail mail system . A code issue vulnerability exists in the compose.php file in SquirrelMail version 1.4.22. The vulnerability stems from an improper design or implementation during code development for a web system or product...
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
CVE-2020-14933
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
Fome SMS Portal 2.0 - SQL Injection
Fome SMS Portal 2.0 - SQL Injection Exploit Title: Fome SMS Portal Advanced - Bulk SMS Reseller v2.0 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...
CVE-2002-1648
Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified sendto and subject parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter...
onl25-xss.txt
Software: OpenNewsletter Homepage: http://www.selfexile.com/projects/opennewsletter Affected version: v2.5 and below Overview: OpenNewsletter si a free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Attack: A non-existant sanitization when parsing the PHP valu...
[XSS] OpenNewsletter v2.5 Multipe XSS Attacks
Software: OpenNewsletter Homepage: http://www.selfexile.com/projects/opennewsletter Affected version: v2.5 and below Overview: OpenNewsletter si a free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Attack: A non-existant sanitization when parsing the PHP valu...
CVE-2007-2589
Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...
CVE-2007-2589
CVE-2007-2589 : A CSRF vulnerability in SquirrelMail 1.4.0–1.4.9a (compose.php) lets an attacker induce actions (sending mail) from an arbitrary user via data in an IMG SRC attribute. This is described across multiple advisories (RHSA-2007:0358, CentOS/RHSA backport, openSUSE/SUSE ESP). The CVSS ...
SquirrelMail Compose.PHP信息泄露和数据修改漏洞
SquirrelMail是一款基于PHP的WEB MAIL服务程序。 SquirrelMail不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞获得敏感信息或覆盖系统文件。 验证用户可以使用compose.php脚本覆盖随计变量,可能导致读取或覆盖用户参考文件或附件。 SquirrelMail SquirrelMail 1.4.7 SquirrelMail SquirrelMail 1.4.6 -rc1 SquirrelMail SquirrelMail 1.4.6 -cvs SquirrelMail SquirrelMail 1.4.6 SquirrelMail...
CVE-2006-6142
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...