Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail squirrelmail 1.0.5 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2001-1159
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and previous versions do not properly initialize certain PHP variables, which allows remote malicious users to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by usi...
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.0.5
6.8
CVSSv2
CVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote malicious users to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.2.9
Sgi Propack 3.0
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.2.7
1 EDB exploit
10
CVSSv2
CVE-2004-0521
SQL injection vulnerability in SquirrelMail prior to 1.4.3 RC1 allows remote malicious users to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4
Sgi Propack 3.0
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
7.5
CVSSv2
CVE-2005-0103
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail prior to 1.4.4 allows remote malicious users to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.3a
5
CVSSv2
CVE-2005-0075
prefs.php in SquirrelMail prior to 1.4.4, with register_globals enabled, allows remote malicious users to inject local code into the SquirrelMail code via custom preference handlers.
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4
4.3
CVSSv2
CVE-2005-0104
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail prior to 1.4.4 allows remote malicious users to inject arbitrary web script or HTML via certain integer variables.
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.44
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.0
4.3
CVSSv2
CVE-2005-2095
options_identities.php in SquirrelMail 1.4.4 and previous versions uses the extract function to process the $_POST variable, which allows remote malicious users to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.44
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
1 EDB exploit
6.8
CVSSv2
CVE-2004-1036
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and previous versions, and 1.5.1-cvs prior to 23rd October 2004, allows remote malicious users to execute arbitrary web script or HTML.
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.5 Dev
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
Gentoo Linux
7.5
CVSSv2
CVE-2006-2842
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and previous versions, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE...
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.4.4 Rc1
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.4
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2009-1578
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail prior to 1.4.18 and NaSMail prior to 1.7 allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_heade...
Squirrelmail Squirrelmail 1.4.10a
Squirrelmail Squirrelmail 1.4.10
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.1.2
Squirrelmail Squirrelmail 1.1.3
Squirrelmail Squirrelmail 1.0
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 0.4pre1
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 0.3pre1
Squirrelmail Squirrelmail
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.11
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.4.0 Rc1
Squirrelmail Squirrelmail 1.2
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »