CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

SUSE CVE-2004-0520

Cross-site scripting XSS vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using readbody.php...

Crlf injection

CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. dot dot in the file parameter...

CVE-2012-1919

CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. dot dot in the file parameter...

CVE-2012-1919

CVE-2012-1919 affects AtMail Open-Source’s @Mail WebMail Client (mime.php) prior to version 1.05. The vulnerability is a CRLF injection that allows a remote attacker to perform directory traversal and read arbitrary files by injecting a %0A sequence followed by .. in the file parameter, enabling ...

CVE-2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets CSS positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting XSS and phishing attacks, via a crafted...

CVE-2009-1581

CVE-2009-1581 affects SquirrelMail up to version 1.4.18, where functions/mime.php fails to protect against CSS positioning in HTML email. This allows a remote attacker to spoof the user interface and can enable cross-site scripting (XSS) and phishing via a crafted message. The connected advisorie...

JulmaCMS 1.4 - 'file.php' Remote File Disclosure

JulmaCMS 1.4file.php fileRemote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php dir . $file; $fname = basename$file; $mime = mimetype"mime", $fname; header"Content-Type: $mime";...

JulmaCMS 1.4 - file.php Remote File Disclosure

JulmaCMS 1.4 - file.php Remote File Disclosure JulmaCMS 1.4file.php fileRemote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php dir . $file; $fname = basename$file; $mime =...

MySource 2.14 - 'mime.php?PEAR_PATH' Remote File Inclusion

source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary...

CVE-2004-1036

Cross-site scripting XSS vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML...

CVE-2004-1036

CVE-2004-1036 affects SquirrelMail prior to versions 1.4.3a and earlier, and 1.5.1-cvs before 23 Oct 2004. The vulnerability is a cross-site scripting (XSS) flaw in the decoding of encoded text in certain headers within mime.php, enabling remote attackers to run arbitrary web script or HTML in th...

CVE-2004-1036

Cross-site scripting XSS vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML...

security flaw

Cross-site scripting XSS vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using readbody.php...

CVE-2004-0520

CVE-2004-0520 is a cross-site scripting (XSS) vulnerability in mime.php of SquirrelMail prior to 1.4.3. The issue allows remote attackers to inject arbitrary HTML and script via the content-type mail header, demonstrated via read_body.php. The vulnerability affects the webmail client, with an att...