Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Squirrelmail Subscribe
Filtered by product Squirrelmail
Total 67 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3635 1 Squirrelmail 2 Gpg Plugin, Squirrelmail 2008-11-14 4.3 MEDIUM N/A
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
CVE-2005-0152 1 Squirrelmail 1 Squirrelmail 2008-09-05 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
CVE-2002-1276 1 Squirrelmail 1 Squirrelmail 2008-09-05 4.3 MEDIUM N/A
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
CVE-2002-1132 1 Squirrelmail 1 Squirrelmail 2008-09-05 5.0 MEDIUM N/A
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
CVE-2002-1131 1 Squirrelmail 1 Squirrelmail 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVE-2002-0516 1 Squirrelmail 1 Squirrelmail 2008-09-05 10.0 HIGH N/A
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
CVE-2001-1159 1 Squirrelmail 1 Squirrelmail 2008-09-05 7.5 HIGH N/A
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.