Filtered by vendor Squirrelmail
Subscribe
Total
76 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7692 | 1 Squirrelmail | 1 Squirrelmail | 2017-11-03 | 9.0 HIGH | 8.8 HIGH |
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. | |||||
CVE-2007-2589 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | |||||
CVE-2007-1262 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | |||||
CVE-2006-6142 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." | |||||
CVE-2006-0195 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. | |||||
CVE-2005-2095 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. | |||||
CVE-2005-1769 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. | |||||
CVE-2006-0377 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | |||||
CVE-2006-0188 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. | |||||
CVE-2004-0520 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2017-10-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | |||||
CVE-2003-0160 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. | |||||
CVE-2005-0104 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | |||||
CVE-2005-0103 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2004-0519 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2017-10-10 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | |||||
CVE-2004-0521 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2017-10-10 | 10.0 HIGH | N/A |
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. | |||||
CVE-2005-0075 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 5.0 MEDIUM | N/A |
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | |||||
CVE-2004-1036 | 2 Gentoo, Squirrelmail | 2 Linux, Squirrelmail | 2017-10-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. | |||||
CVE-2009-1579 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-28 | 6.8 MEDIUM | N/A |
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | |||||
CVE-2009-1578 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | |||||
CVE-2009-1581 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-28 | 4.3 MEDIUM | N/A |
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. |