Squirrelmail Security Vulnerabilities and Issues — Squirrelmail CVE List

Lucene search

SquirrelmailSquirrelmail

8 matches found

CVE•added 2006/06/06 8:6 p.m.•103 views

CVE-2006-2842

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by t...

7.5CVSS7.2AI score0.0094EPSS

CVE•added 2006/08/11 9:4 p.m.•99 views

CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

6.4CVSS6.4AI score0.22719EPSS

CVE•added 2006/02/24 12:2 a.m.•91 views

CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/" and " /" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers i...

4.3CVSS5.5AI score0.02644EPSS

CVE•added 2006/02/24 12:2 a.m.•90 views

CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

4.3CVSS5.4AI score0.01309EPSS

CVE•added 2006/06/23 12:2 a.m.•88 views

CVE-2006-3174

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

2.6CVSS5.5AI score0.01164EPSS

CVE•added 2006/12/05 11:28 a.m.•88 views

CVE-2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors invo...

6.8CVSS5.5AI score0.04143EPSS

CVE•added 2006/02/24 12:2 a.m.•81 views

CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

5CVSS6.8AI score0.01497EPSS

CVE•added 2006/07/18 3:47 p.m.•33 views

CVE-2006-3665

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

4.3CVSS6.6AI score0.00377EPSS