Lucene search

K
SquirrelmailSquirrelmail

66 matches found

CVE
CVE
added 2018/08/05 6:29 p.m.47 views

CVE-2018-14952

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<maction xlink:href=" attack.

6.1CVSS5.9AI score0.00402EPSS
CVE
CVE
added 2005/03/28 5:0 a.m.44 views

CVE-2002-1650

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.

7.5CVSS7.7AI score0.0282EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.43 views

CVE-2005-0152

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."

7.5CVSS7.4AI score0.04621EPSS
CVE
CVE
added 2020/02/13 7:15 p.m.43 views

CVE-2012-5623

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.

7.5CVSS7.5AI score0.00148EPSS
CVE
CVE
added 2007/07/10 12:30 a.m.42 views

CVE-2007-3636

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.

7.5CVSS7.4AI score0.05052EPSS
CVE
CVE
added 2002/10/04 4:0 a.m.41 views

CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

7.5CVSS6.6AI score0.02453EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.41 views

CVE-2002-1132

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

5CVSS6.2AI score0.00619EPSS
CVE
CVE
added 2007/07/10 12:30 a.m.41 views

CVE-2007-3635

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.

4.3CVSS6.5AI score0.09756EPSS
CVE
CVE
added 2002/12/18 5:0 a.m.40 views

CVE-2002-1341

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

6.8CVSS5.5AI score0.02702EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.40 views

CVE-2002-2086

Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<

4.3CVSS6AI score0.00675EPSS
CVE
CVE
added 2025/04/02 1:15 p.m.38 views

CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

7.2CVSS6AI score0.00053EPSS
CVE
CVE
added 2005/03/28 5:0 a.m.37 views

CVE-2002-1649

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.

4.3CVSS6.2AI score0.00764EPSS
CVE
CVE
added 2002/03/15 5:0 a.m.36 views

CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a me...

7.5CVSS8AI score0.01983EPSS
CVE
CVE
added 2002/11/29 5:0 a.m.36 views

CVE-2002-1276

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

4.3CVSS5.5AI score0.00636EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.36 views

CVE-2003-0160

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

5.8CVSS6AI score0.00537EPSS
CVE
CVE
added 2006/07/18 3:47 p.m.33 views

CVE-2006-3665

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

4.3CVSS6.6AI score0.00377EPSS
Total number of security vulnerabilities66