Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1276
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Squirrelmail Squirrelmail 1.2.8
NA
CVE-2005-0152
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote malicious users to execute arbitrary code via "URL manipulation."
Squirrelmail Squirrelmail 1.2.6
9.8
CVSSv3
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Squirrelmail Squirrelmail 1.4.22
NA
CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Squirrelmail Squirrelmail 1.4.15
NA
CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail prior to 1.2.3 allows remote malicious users to send email as other users via an IMG URL with modified send_to and subject parameters.
Squirrelmail Squirrelmail 1.2.2
NA
CVE-2009-0030
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface...
Squirrelmail Squirrelmail 1.4.8
NA
CVE-2002-1649
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail prior to 1.2.3 allows remote malicious users to execute arbitrary Javascript via a javascript: URL in an IMG tag.
Squirrelmail Squirrelmail 1.2.2
NA
CVE-2002-1650
The spell checker plugin (check_me.mod.php) for SquirrelMail prior to 1.2.3 allows remote malicious users to execute arbitrary commands via a modified sqspell_command parameter.
Squirrelmail Squirrelmail 1.2.2
8.8
CVSSv3
CVE-2017-7692
SquirrelMail 1.4.22 (and other versions prior to 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote serve...
Squirrelmail Squirrelmail 1.4.22
1 EDB exploit
NA
CVE-2006-3665
SquirrelMail 1.4.6 and previous versions, with register_globals enabled, allows remote malicious users to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certa...
Squirrelmail Squirrelmail 1.4.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »