Vulnerabilities > Open Webmail > Open Webmail > 2.31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2284 | Remote Command Execution Variant vulnerability in Open WebMail Vacation.PL The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | 10.0 |
2004-08-18 | CVE-2004-0520 | HTML Injection vulnerability in SquirrelMail Email Header Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | 6.8 |
2004-08-06 | CVE-2004-0639 | HTML Injection vulnerability in SquirrelMail From Email Header Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | 6.8 |