Squirrelmail Security Vulnerabilities and Issues — Squirrelmail CVE List

Lucene search

SquirrelmailSquirrelmail

10 matches found

CVE•added 2006/02/24 12:2 a.m.•81 views

CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

5CVSS6.8AI score0.01608EPSS

CVE•added 2005/02/06 5:0 a.m.•80 views

CVE-2005-0075

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

5CVSS6.3AI score0.00826EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2813

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences fil...

5CVSS6.2AI score0.05549EPSS

CVE•added 2013/01/18 11:48 a.m.•63 views

CVE-2012-2124

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading ...

5CVSS6.4AI score0.05549EPSS

CVE•added 2009/05/14 5:30 p.m.•60 views

CVE-2009-1580

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

5.8CVSS7.1AI score0.01026EPSS

CVE•added 2011/07/17 8:55 p.m.•54 views

CVE-2011-2752

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

5.8CVSS6.2AI score0.00895EPSS

CVE•added 2008/09/24 2:56 p.m.•52 views

CVE-2008-3663

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5CVSS7.3AI score0.01272EPSS

CVE•added 2007/05/11 4:20 a.m.•51 views

CVE-2007-2589

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

5CVSS6.6AI score0.01118EPSS

CVE•added 2004/09/01 4:0 a.m.•41 views

CVE-2002-1132

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

5CVSS6.2AI score0.00619EPSS

CVE•added 2003/04/02 5:0 a.m.•36 views

CVE-2003-0160

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

5.8CVSS6AI score0.00537EPSS