Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Squirrelmail Subscribe
Filtered by product Squirrelmail
Total 67 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6142 1 Squirrelmail 1 Squirrelmail 2017-10-10 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
CVE-2007-1262 1 Squirrelmail 1 Squirrelmail 2017-10-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
CVE-2006-0188 1 Squirrelmail 1 Squirrelmail 2017-10-10 4.3 MEDIUM N/A
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
CVE-2005-2095 1 Squirrelmail 1 Squirrelmail 2017-10-10 4.3 MEDIUM N/A
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
CVE-2005-1769 1 Squirrelmail 1 Squirrelmail 2017-10-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
CVE-2006-0377 1 Squirrelmail 1 Squirrelmail 2017-10-10 5.0 MEDIUM N/A
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
CVE-2006-0195 1 Squirrelmail 1 Squirrelmail 2017-10-10 4.3 MEDIUM N/A
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
CVE-2004-0521 2 Sgi, Squirrelmail 2 Propack, Squirrelmail 2017-10-10 10.0 HIGH N/A
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
CVE-2004-1036 2 Gentoo, Squirrelmail 2 Linux, Squirrelmail 2017-10-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
CVE-2003-0160 1 Squirrelmail 1 Squirrelmail 2017-10-10 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
CVE-2004-0519 2 Sgi, Squirrelmail 2 Propack, Squirrelmail 2017-10-10 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
CVE-2005-0104 1 Squirrelmail 1 Squirrelmail 2017-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
CVE-2005-0103 1 Squirrelmail 1 Squirrelmail 2017-10-10 7.5 HIGH N/A
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
CVE-2005-0075 1 Squirrelmail 1 Squirrelmail 2017-10-10 5.0 MEDIUM N/A
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
CVE-2004-0520 3 Open Webmail, Sgi, Squirrelmail 3 Open Webmail, Propack, Squirrelmail 2017-10-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
CVE-2009-1579 1 Squirrelmail 1 Squirrelmail 2017-09-28 6.8 MEDIUM N/A
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
CVE-2009-1580 1 Squirrelmail 1 Squirrelmail 2017-09-28 5.8 MEDIUM N/A
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
CVE-2009-1581 1 Squirrelmail 1 Squirrelmail 2017-09-28 4.3 MEDIUM N/A
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
CVE-2009-1578 1 Squirrelmail 1 Squirrelmail 2017-09-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).
CVE-2008-2379 1 Squirrelmail 1 Squirrelmail 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.