Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-8741
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated malicious user to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
Squirrelmail Squirrelmail 1.4.22
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2017-5181
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have ...
1 Article
9
CVSSv2
CVE-2017-7692
SquirrelMail 1.4.22 (and other versions prior to 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote serve...
Squirrelmail Squirrelmail 1.4.22
1 EDB exploit
7.5
CVSSv2
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
120 Github repositories
7.5
CVSSv2
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
3 EDB exploits
91 Github repositories
7.5
CVSSv2
CVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer prior to 5.4.5 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the ...
Swiftmailer Swiftmailer
3 EDB exploits
3 Github repositories
1 Article
5
CVSSv2
CVE-2012-2124
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote malicious users to cause a denial of service (disk consumption) by making many IMAP login attempts with diff...
Redhat Enterprise Linux 4
Squirrelmail Squirrelmail -
Redhat Enterprise Linux 5
4.3
CVSSv2
CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin prior to 3.0 for SquirrelMail allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Paul Lesniewsk Autocomplete 2.0
Paul Lesniewsk Autocomplete 1.3
Paul Lesniewsk Autocomplete 1.2
Paul Lesniewsk Autocomplete 1.1
Paul Lesniewsk Autocomplete 1.0
Paul Lesniewsk Autocomplete
5.8
CVSSv2
CVE-2011-2752
CRLF injection vulnerability in SquirrelMail 1.4.21 and previous versions allows remote malicious users to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
Squirrelmail Squirrelmail 0.3pre2
Squirrelmail Squirrelmail 0.3pre1
Squirrelmail Squirrelmail 1.4.3
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4.4
Squirrelmail Squirrelmail 1.4.16
Squirrelmail Squirrelmail 1.1.2
Squirrelmail Squirrelmail 1.1.3
Squirrelmail Squirrelmail 1.0.6
Squirrelmail Squirrelmail 0.5pre1
Squirrelmail Squirrelmail 1.4.20
Squirrelmail Squirrelmail 1.4.12
Squirrelmail Squirrelmail 1.4.2-r1
Squirrelmail Squirrelmail 1.4.2-r3
Squirrelmail Squirrelmail 1.4.7
Squirrelmail Squirrelmail 1.4.6 Cvs
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 0.3.1
Squirrelmail Squirrelmail 0.3
Squirrelmail Squirrelmail 1.4.13
Squirrelmail Squirrelmail 1.4.15
6.8
CVSSv2
CVE-2011-2753
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and previous versions allow remote malicious users to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_o...
Squirrelmail Squirrelmail 0.1
Squirrelmail Squirrelmail 0.4
Squirrelmail Squirrelmail 1.4.17
Squirrelmail Squirrelmail 1.4.0
Squirrelmail Squirrelmail 1.4.19
Squirrelmail Squirrelmail 1.4.10
Squirrelmail Squirrelmail 1.3.0
Squirrelmail Squirrelmail 1.0pre1
Squirrelmail Squirrelmail 1.0pre2
Squirrelmail Squirrelmail 1.0pre3
Squirrelmail Squirrelmail 0.5pre2
Squirrelmail Squirrelmail 0.5
Squirrelmail Squirrelmail 1.4.11
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.4.2-r2
Squirrelmail Squirrelmail 1.4.2-r5
Squirrelmail Squirrelmail 1.4.2-r4
Squirrelmail Squirrelmail 1.4.6
Squirrelmail Squirrelmail 1.4.5
Squirrelmail Squirrelmail 1.4.10a
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 0.3pre2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »