25 matches found
CVE-2006-4019
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...
squirrelmail -- random variable overwrite vulnerability
The SquirrelMail developers report: A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y...
CVE-2002-1648
CVE-2002-1648 describes a CSRF vulnerability in SquirrelMail’s compose.php prior to version 1.2.3. An attacker can trigger a request via an IMG URL with manipulated send_to and subject parameters to send mail as another user, exploiting cookie-based authentication. Affected software: SquirrelMail...
CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters...