Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail squirrelmail 1.4.8 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2009-0030
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface...
Squirrelmail Squirrelmail 1.4.8
4.3
CVSSv2
CVE-2007-1262
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 up to and including 1.4.9a allow remote malicious users to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets t...
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.4.9a
Squirrelmail Squirrelmail 1.4.6
Squirrelmail Squirrelmail 1.4.7
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.4 Rc1
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.9
Squirrelmail Squirrelmail 1.4.8
Squirrelmail Squirrelmail 1.4.6 Cvs
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.4.4
Squirrelmail Squirrelmail 1.4.3aa
Squirrelmail Squirrelmail 1.4.5
5
CVSSv2
CVE-2007-2589
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 up to and including 1.4.9a allows remote malicious users to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.4.9a
Squirrelmail Squirrelmail 1.4.6
Squirrelmail Squirrelmail 1.4.7
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.4 Rc1
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.9
Squirrelmail Squirrelmail 1.4.8
Squirrelmail Squirrelmail 1.4.6 Cvs
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.4.4
Squirrelmail Squirrelmail 1.4.3aa
Squirrelmail Squirrelmail 1.4.5
5
CVSSv2
CVE-2010-2813
functions/imap_general.php in SquirrelMail prior to 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote malicious users to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creat...
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.5 Rc1
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.3 R3
Squirrelmail Squirrelmail 1.4.0-r1
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
Squirrelmail Squirrelmail 1.4.6
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.7
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.15
Squirrelmail Squirrelmail 1.4.2-r3
Squirrelmail Squirrelmail 1.4.4 Rc1
Squirrelmail Squirrelmail 1.4.16
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.4.15 Rc1
Squirrelmail Squirrelmail 1.4.2-r5
Squirrelmail Squirrelmail 1.4.4
4.3
CVSSv2
CVE-2008-2379
Cross-site scripting (XSS) vulnerability in SquirrelMail prior to 1.4.17 allows remote malicious users to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
Squirrelmail Squirrelmail 1.3.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.4.5 Rc1
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 1.1.0
Squirrelmail Squirrelmail 1.4.6 Rc1
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 0.1.2
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.0.1
Squirrelmail Squirrelmail 0.2.1
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
Squirrelmail Squirrelmail 1.4.6
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.4.7
Squirrelmail Squirrelmail 1.4.3 Rc1
4.3
CVSSv2
CVE-2011-2023
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail prior to 1.4.22 allows remote malicious users to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
Squirrelmail Squirrelmail 1.3.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.1.0
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.0-r1
Squirrelmail Squirrelmail 0.1.2
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.0.1
Squirrelmail Squirrelmail 0.2.1
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
5.8
CVSSv2
CVE-2011-2752
CRLF injection vulnerability in SquirrelMail 1.4.21 and previous versions allows remote malicious users to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
Squirrelmail Squirrelmail 1.3.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.1.0
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.0-r1
Squirrelmail Squirrelmail 0.1.2
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.0.1
Squirrelmail Squirrelmail 0.2.1
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
6.8
CVSSv2
CVE-2011-2753
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and previous versions allow remote malicious users to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_o...
Squirrelmail Squirrelmail 1.3.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.1.0
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.0-r1
Squirrelmail Squirrelmail 0.1.2
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.0.1
Squirrelmail Squirrelmail 0.2.1
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
4.3
CVSSv2
CVE-2010-4554
functions/page_header.php in SquirrelMail 1.4.21 and previous versions does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Squirrelmail Squirrelmail 1.3.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.1.0
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.0-r1
Squirrelmail Squirrelmail 0.1.2
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.0.1
Squirrelmail Squirrelmail 0.2.1
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
4.3
CVSSv2
CVE-2010-4555
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and previous versions allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spe...
Squirrelmail Squirrelmail 1.3.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 0.4pre2
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.1.0
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.0-r1
Squirrelmail Squirrelmail 0.1.2
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.0.1
Squirrelmail Squirrelmail 0.2.1
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.9a
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »