Vulnerabilities > Squirrelmail

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-17	CVE-2018-8741	Path Traversal vulnerability in multiple products A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. network low complexity squirrelmail debian CWE-22	8.8
2017-04-20	CVE-2017-7692	Improper Input Validation vulnerability in Squirrelmail 1.4.22 SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. network low complexity squirrelmail CWE-20	8.8
2010-06-22	CVE-2010-1637	Server-Side Request Forgery (SSRF) vulnerability in multiple products The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. network low complexity squirrelmail fedoraproject apple redhat CWE-918	6.5

Vulnerabilities > Squirrelmail {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Squirrelmail"}]}