ReportizFlow
Filtered by vendor Squirrelmail
Subscriptions
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0521 | 3 Redhat, Sgi, Squirrelmail | 3 Enterprise Linux, Propack, Squirrelmail | 2025-04-03 | N/A |
| SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. | ||||
| CVE-2002-1131 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2025-04-03 | N/A |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | ||||
| CVE-2002-1132 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2025-04-03 | N/A |
| SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | ||||
| CVE-2002-1276 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2025-04-03 | N/A |
| An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | ||||
| CVE-2002-1341 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. | ||||
| CVE-2002-1650 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | ||||
| CVE-2006-0188 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. | ||||
| CVE-2006-0195 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. | ||||
| CVE-2006-3174 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | ||||
| CVE-2006-3665 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this. | ||||
| CVE-2002-0516 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. | ||||
| CVE-2005-0184 | 1 Squirrelmail | 1 Vacation Plugin | 2025-04-03 | N/A |
| Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request. | ||||
| CVE-2005-1924 | 1 Squirrelmail | 1 Gpg Plugin | 2025-04-03 | N/A |
| The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636. | ||||
| CVE-2005-0075 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | ||||
| CVE-2006-0377 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | ||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | ||||
| CVE-2005-0104 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | ||||
| CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | ||||
| CVE-2004-0520 | 4 Open Webmail, Redhat, Sgi and 1 more | 4 Open Webmail, Enterprise Linux, Propack and 1 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | ||||
| CVE-2006-4019 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | ||||