Squirrelmail@1.4.10 Security Vulnerabilities and Issues — Squirrelmail@1.4.10 CVE List

Lucene search

SquirrelmailSquirrelmail1.4.10

11 matches found

CVE•added 2009/05/14 5:30 p.m.•80 views

CVE-2009-1579

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

6.8CVSS7.7AI score0.04764EPSS

CVE•added 2009/05/14 5:30 p.m.•75 views

CVE-2009-1578

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3)...

4.3CVSS6.6AI score0.02924EPSS

CVE•added 2011/07/14 11:55 p.m.•74 views

CVE-2011-2023

Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.

4.3CVSS5.9AI score0.00603EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2813

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences fil...

5CVSS6.2AI score0.05549EPSS

CVE•added 2011/07/14 11:55 p.m.•68 views

CVE-2010-4554

functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS6AI score0.00472EPSS

CVE•added 2009/05/14 5:30 p.m.•63 views

CVE-2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted me...

4.3CVSS6.6AI score0.01286EPSS

CVE•added 2011/07/17 8:55 p.m.•60 views

CVE-2011-2753

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than ...

6.8CVSS6.6AI score0.00895EPSS

CVE•added 2008/12/05 12:30 a.m.•58 views

CVE-2008-2379

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

4.3CVSS6.6AI score0.0126EPSS

CVE•added 2009/08/25 5:30 p.m.•58 views

CVE-2009-2964

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (...

6.8CVSS7.7AI score0.00863EPSS

CVE•added 2011/07/17 8:55 p.m.•54 views

CVE-2011-2752

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

5.8CVSS6.2AI score0.00895EPSS

CVE•added 2011/07/14 11:55 p.m.•53 views

CVE-2010-4555

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors a...

4.3CVSS6AI score0.00895EPSS