Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail squirrelmail vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-14933
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup o...
Squirrelmail Squirrelmail 1.4.22
1 Github repository
668
VMScore
CVE-2005-0152
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote malicious users to execute arbitrary code via "URL manipulation."
Squirrelmail Squirrelmail 1.2.6
578
VMScore
CVE-2009-0030
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface...
Squirrelmail Squirrelmail 1.4.8
383
VMScore
CVE-2002-1276
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Squirrelmail Squirrelmail 1.2.8
668
VMScore
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Squirrelmail Squirrelmail 1.4.22
383
VMScore
CVE-2006-3665
SquirrelMail 1.4.6 and previous versions, with register_globals enabled, allows remote malicious users to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certa...
Squirrelmail Squirrelmail 1.4.6
905
VMScore
CVE-2017-7692
SquirrelMail 1.4.22 (and other versions prior to 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote serve...
Squirrelmail Squirrelmail 1.4.22
1 EDB exploit
445
VMScore
CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Squirrelmail Squirrelmail 1.4.15
668
VMScore
CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail prior to 1.2.3 allows remote malicious users to send email as other users via an IMG URL with modified send_to and subject parameters.
Squirrelmail Squirrelmail 1.2.2
383
VMScore
CVE-2002-1649
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail prior to 1.2.3 allows remote malicious users to execute arbitrary Javascript via a javascript: URL in an IMG tag.
Squirrelmail Squirrelmail 1.2.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »