Filtered by vendor Squirrelmail
Total: 76 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2086 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. | |||||
CVE-2002-1341 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. | |||||
CVE-2002-1648 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | |||||
CVE-2007-3779 | 1 Squirrelmail | 1 Gpg Plugin | 2012-10-30 | 4.3 MEDIUM | N/A |
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. | |||||
CVE-2012-0323 | 2 Paul Lesniewsk, Squirrelmail | 2 Autocomplete, Squirrelmail | 2012-07-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-2023 | 1 Squirrelmail | 1 Squirrelmail | 2012-02-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. | |||||
CVE-2010-1637 | 1 Squirrelmail | 1 Squirrelmail | 2012-02-13 | 4.0 MEDIUM | N/A |
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | |||||
CVE-2007-3636 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2008-11-14 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. | |||||
CVE-2007-3634 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2008-11-14 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
CVE-2007-3635 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2008-11-14 | 4.3 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634. | |||||
CVE-2005-0152 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | |||||
CVE-2002-1276 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 4.3 MEDIUM | N/A |
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | |||||
CVE-2002-1132 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 5.0 MEDIUM | N/A |
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | |||||
CVE-2002-1131 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | |||||
CVE-2002-0516 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 10.0 HIGH | N/A |
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. | |||||
CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. |