Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2012-5623
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
Squirrelmail Change Passwd 4.0
383
VMScore
CVE-2007-3779
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin prior to 20070707 for Squirrelmail allows remote malicious users to include and execute arbitrary local files, related to the MOD parameter.
Squirrelmail Gpg Plugin 2.1
356
VMScore
CVE-2010-1637
The Mail Fetch plugin in SquirrelMail 1.4.20 and previous versions allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
Squirrelmail Squirrelmail
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Fedoraproject Fedora 12
Apple Mac Os X Server
Apple Mac Os X
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 5.0
1 Github repository
1000
VMScore
CVE-2004-0524
Buffer overflow in the chpasswd command in the Change_passwd plugin prior to 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
2 EDB exploits
755
VMScore
CVE-2003-0990
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote malicious users to execute commands via shell metacharacters in the "To:" field.
1 EDB exploit
465
VMScore
CVE-2006-0331
Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.
Thiago Melo De Paula Change Passwd 3.1
1 EDB exploit
NA
CVE-2017-5181
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have ...
1 Article
383
VMScore
CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin prior to 3.0 for SquirrelMail allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Paul Lesniewsk Autocomplete 2.0
Paul Lesniewsk Autocomplete 1.3
Paul Lesniewsk Autocomplete 1.2
Paul Lesniewsk Autocomplete 1.1
Paul Lesniewsk Autocomplete 1.0
Paul Lesniewsk Autocomplete
187
VMScore
CVE-2005-0184
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and previous versions for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
766
VMScore
CVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer prior to 5.4.5 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the ...
Swiftmailer Swiftmailer
3 EDB exploits
3 Github repositories
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »