Lucene search

6 matches found

CVE
added 2006/02/24 12:2 a.m., 85 views

CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

CVSS: 5, AI score: 6.8, EPSS: 0.01497

CVE
added 2005/02/06 5:0 a.m., 83 views

CVE-2005-0075

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

CVSS: 5, AI score: 6.3, EPSS: 0.0081

CVE
added 2010/08/19 6:0 p.m., 73 views

CVE-2010-2813

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences fil...

CVSS: 5, AI score: 6.2, EPSS: 0.04259

Web
CVE
added 2009/05/14 5:30 p.m., 63 views

CVE-2009-1580

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

CVSS: 5.8, AI score: 7.1, EPSS: 0.0106

CVE
added 2011/07/17 8:55 p.m., 58 views

CVE-2011-2752

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

CVSS: 5.8, AI score: 6.2, EPSS: 0.00676

CVE
added 2007/05/11 4:20 a.m., 53 views

CVE-2007-2589

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

CVSS: 5, AI score: 6.6, EPSS: 0.00853