CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of for example a NOEMBED,...

6.1CVSS5.9AI score0.00873EPSS

Exploits2References4

RedHat Linux•added 2005/02/15 9:3 a.m.•33 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner...

7.5CVSS5.1AI score0.03446EPSS

Exploits0References7

RedHat Linux•added 2005/02/10 5:10 p.m.•32 views

Low: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

7.5CVSS5.2AI score0.03446EPSS

Exploits0References7

Tenable Nessus•added 2005/02/10 12:0 a.m.•25 views

RHEL 3 : squirrelmail (RHSA-2005:135)

7.5CVSS5AI score0.03446EPSS

Exploits0References11

FreeBSD•added 2005/01/29 12:0 a.m.•29 views

squirrelmail -- XSS and remote code injection vulnerabilities

A SquirrelMail Security Advisory reports: SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in...

6.8CVSS5.8AI score0.03177EPSS

Exploits0References4

NVD•added 2005/01/24 5:0 a.m.•13 views

CVE-2005-0103

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code...

7.5CVSS7.3AI score0.03446EPSS

Exploits0References9

RedHat Linux•added 2004/12/23 8:23 p.m.•32 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated SquirrelMail package that fixes a cross-site scripting vulnerability is now available. SquirrelMail is a webmail package written in PHP. A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which...

6.8CVSS5.7AI score0.03177EPSS

Exploits0References4

Tenable Nessus•added 2004/11/29 12:0 a.m.•25 views

Fedora Core 2 : squirrelmail-1.4.3a-6.FC2 (2004-471)

Fri Nov 19 2004 Warren Togami 1.4.3a-6.FC2 - FC2 - Fri Nov 19 2004 Warren Togami 1.4.3a-7 - CVE-2004-1036 Cross Site Scripting in encoded text - 112769 updated splash screens - Thu Oct 14 2004 Warren Togami 1.4.3a-5 - defaultfolderprefix dovecot compatible by default...

6.8CVSS5.3AI score0.03177EPSS

Exploits0References1

Tenable Nessus•added 2004/09/29 12:0 a.m.•28 views

Debian DSA-220-1 : squirrelmail - XSS

A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack. %NASLMINLEVEL 70300 C Tenable Network Security, In...

6.8CVSS4.8AI score0.02702EPSS

Exploits0References2

RedHat Linux•added 2004/06/14 3:45 p.m.•36 views

Important: Red Hat Security Advisory: squirrelmail security update

An updated SquirrelMail package that fixes several security vulnerabilities is now available. SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been found which affect the version of SquirrelMail shipped with Red Hat Enterprise Linux 3. An SQL injection flaw was foun...

10CVSS6AI score0.14932EPSS

Exploits2References3

Debian•added 2002/11/11 9:2 a.m.•19 views

[SECURITY] [DSA 191-2] New squirrelmail packages fix problem in options page

-------------------------------------------------------------------------- Debian Security Advisory DSA 191-2 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2002 http://www.debian.org/security/faq -...

7.5CVSS0.3AI score0.02841EPSS

Exploits3

NVD•added 2002/10/04 4:0 a.m.•12 views

CVE-2002-1132

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script...

5CVSS6.3AI score0.00886EPSS

Exploits1References5

NVD•added 2002/08/12 4:0 a.m.•11 views

CVE-2002-0516

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie...

10CVSS7.2AI score0.05751EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by