Squirrelmail@1.4.3 r3 Security Vulnerabilities and Issues — Squirrelmail@1.4.3 r3 CVE List

Lucene search

SquirrelmailSquirrelmail1.4.3 r3

10 matches found

CVE•added 2006/06/06 8:6 p.m.•103 views

CVE-2006-2842

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by t...

7.5CVSS7.2AI score0.0094EPSS

CVE•added 2006/08/11 9:4 p.m.•99 views

CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

6.4CVSS6.4AI score0.22719EPSS

CVE•added 2006/02/24 12:2 a.m.•91 views

CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/" and " /" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers i...

4.3CVSS5.5AI score0.02644EPSS

CVE•added 2006/02/24 12:2 a.m.•90 views

CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

4.3CVSS5.4AI score0.01309EPSS

CVE•added 2006/12/05 11:28 a.m.•88 views

CVE-2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors invo...

6.8CVSS5.5AI score0.04143EPSS

CVE•added 2006/02/24 12:2 a.m.•81 views

CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

5CVSS6.8AI score0.01497EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2813

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences fil...

5CVSS6.2AI score0.04259EPSS

CVE•added 2009/08/25 5:30 p.m.•59 views

CVE-2009-2964

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (...

6.8CVSS7.7AI score0.01028EPSS

CVE•added 2007/05/11 4:20 a.m.•56 views

CVE-2007-1262

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when vi...

4.3CVSS5.4AI score0.01695EPSS

CVE•added 2007/05/11 4:20 a.m.•51 views

CVE-2007-2589

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

5CVSS6.6AI score0.00853EPSS