Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-7692
SquirrelMail 1.4.22 (and other versions prior to 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote serve...
Squirrelmail Squirrelmail 1.4.22
1 EDB exploit
NA
CVE-2007-3778
The G/PGP (GPG) Plugin 2.0, and 2.1dev prior to 20060912, for Squirrelmail allows remote malicious users to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter ...
Squirrelmail Gpg Plugin 2.1 Dev
Squirrelmail Gpg Plugin 2.0
NA
CVE-2006-4169
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev prior to 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_ba...
Squirrelmail Gpg Plugin 2.0
Squirrelmail Gpg Plugin 2.1 Dev
NA
CVE-2005-3128
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote malicious users to inject arbitrary web script or HTML via the IMG tag.
Squirrelmail Address Add Plugin 1.9
Squirrelmail Address Add Plugin 2.0
1 EDB exploit
NA
CVE-2005-0239
viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote malicious users to execute arbitrary commands via shell metacharacters in the cert parameter.
Squirrelmail S Mime Plugin 0.4
Squirrelmail S Mime Plugin 0.5
NA
CVE-2012-2124
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote malicious users to cause a denial of service (disk consumption) by making many IMAP login attempts with diff...
Redhat Enterprise Linux 4
Squirrelmail Squirrelmail -
Redhat Enterprise Linux 5
8.8
CVSSv3
CVE-2018-8741
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated malicious user to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
Squirrelmail Squirrelmail 1.4.22
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2007-3634
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this informa...
Squirrelmail Gpg Plugin 2.0
NA
CVE-2005-0183
ftpfile in the Vacation plugin 0.15 and previous versions for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.
Squirrelmail Vacation Plugin
NA
CVE-2005-1924
The G/PGP (GPG) Plugin 2.1 and previous versions for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_te...
Squirrelmail Gpg Plugin
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »