Squirrelmail Security Vulnerabilities and Issues — Squirrelmail CVE List

Lucene search

SquirrelmailSquirrelmail

11 matches found

CVE•added 2005/02/06 5:0 a.m.•127 views

CVE-2005-0103

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.

7.5CVSS7.2AI score0.03446EPSS

CVE•added 2005/03/01 5:0 a.m.•118 views

CVE-2004-1036

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

6.8CVSS5.9AI score0.03177EPSS

CVE•added 2005/07/13 4:0 a.m.•102 views

CVE-2005-2095

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

4.3CVSS8.8AI score0.1115EPSS

CVE•added 2005/02/06 5:0 a.m.•93 views

CVE-2005-0104

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.

4.3CVSS5.4AI score0.01372EPSS

CVE•added 2005/06/20 4:0 a.m.•87 views

CVE-2005-1769

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.

4.3CVSS8.1AI score0.01697EPSS

CVE•added 2005/02/06 5:0 a.m.•80 views

CVE-2005-0075

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

5CVSS6.3AI score0.00826EPSS

CVE•added 2005/03/28 5:0 a.m.•62 views

CVE-2002-1648

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.

7.5CVSS6.7AI score0.01268EPSS

CVE•added 2005/03/28 5:0 a.m.•44 views

CVE-2002-1650

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.

7.5CVSS7.7AI score0.0282EPSS

CVE•added 2005/02/06 5:0 a.m.•43 views

CVE-2005-0152

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."

7.5CVSS7.4AI score0.04621EPSS

CVE•added 2005/07/14 4:0 a.m.•40 views

CVE-2002-2086

Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<

4.3CVSS6AI score0.00675EPSS

CVE•added 2005/03/28 5:0 a.m.•37 views

CVE-2002-1649

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.

4.3CVSS6.2AI score0.00764EPSS