Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-5623
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
Squirrelmail Change Passwd 4.0
4.3
CVSSv2
CVE-2007-3779
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin prior to 20070707 for Squirrelmail allows remote malicious users to include and execute arbitrary local files, related to the MOD parameter.
Squirrelmail Gpg Plugin 2.1
4
CVSSv2
CVE-2010-1637
The Mail Fetch plugin in SquirrelMail 1.4.20 and previous versions allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
Squirrelmail Squirrelmail
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Fedoraproject Fedora 12
Apple Mac Os X Server
Apple Mac Os X
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 5.0
1 Github repository
10
CVSSv2
CVE-2004-0524
Buffer overflow in the chpasswd command in the Change_passwd plugin prior to 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
2 EDB exploits
7.5
CVSSv2
CVE-2003-0990
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote malicious users to execute commands via shell metacharacters in the "To:" field.
1 EDB exploit
4.6
CVSSv2
CVE-2006-0331
Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.
Thiago Melo De Paula Change Passwd 3.1
1 EDB exploit
NA
CVE-2017-5181
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have ...
1 Article
4.3
CVSSv2
CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin prior to 3.0 for SquirrelMail allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Paul Lesniewsk Autocomplete 2.0
Paul Lesniewsk Autocomplete 1.3
Paul Lesniewsk Autocomplete 1.2
Paul Lesniewsk Autocomplete 1.1
Paul Lesniewsk Autocomplete 1.0
Paul Lesniewsk Autocomplete
2.1
CVSSv2
CVE-2005-0184
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and previous versions for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
7.5
CVSSv2
CVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer prior to 5.4.5 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the ...
Swiftmailer Swiftmailer
3 EDB exploits
3 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »