Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2002-0516
SquirrelMail 1.2.5 and previous versions allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.4
1 EDB exploit
4.3
CVSSv2
CVE-2005-1769
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 up to and including 1.4.4 allow remote malicious users to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.44
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
4.3
CVSSv2
CVE-2002-2086
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail prior to 1.2.6 allow remote malicious users to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an I...
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.0
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.2
1 Github repository
6.8
CVSSv2
CVE-2002-1341
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and previous versions allows remote malicious users to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.6
7.5
CVSSv2
CVE-2001-1159
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and previous versions do not properly initialize certain PHP variables, which allows remote malicious users to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by usi...
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.0.5
6.8
CVSSv2
CVE-2007-6348
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net prior to 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote malicious users to execute arbitrary code.
Squirrelmail Squirrelmail 1.4.11
Squirrelmail Squirrelmail 1.4.12
4.3
CVSSv2
CVE-2007-3635
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin prior to 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
Squirrelmail Squirrelmail 1.4.10a
Squirrelmail Gpg Plugin 2.0
7.5
CVSSv2
CVE-2007-3636
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
Squirrelmail Gpg Plugin 2.0
Squirrelmail Squirrelmail 1.4.10a
1 EDB exploit
2.6
CVSSv2
CVE-2006-3174
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary HTML via the mailbox parameter.
Squirrelmail Squirrelmail
7.5
CVSSv2
CVE-2007-2631
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and previous versions allows remote malicious users to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
Squirrelmail Squirrelmail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »