Vulnerabilities > Squirrelmail

DATE	CVE	VULNERABILITY TITLE	RISK
2007-07-15	CVE-2006-4169	Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. network low complexity squirrelmail	5.5
2007-07-10	CVE-2007-3636	Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. network low complexity squirrelmail	7.5
2007-07-10	CVE-2007-3635	Local Security vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. local low complexity squirrelmail	4.3
2007-07-10	CVE-2007-3634	Remote Command Execution vulnerability in Squirrelmail GPG Plugin 2.0 Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. network low complexity squirrelmail	6.5
2007-05-13	CVE-2007-2631	Cross-Site Request Forgery vulnerability in SquirelMail Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. network low complexity squirrelmail	7.5
2007-05-11	CVE-2007-2589	Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. network low complexity squirrelmail CWE-352	5.0
2007-05-11	CVE-2007-1262	Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. network squirrelmail CWE-79	4.3
2006-12-05	CVE-2006-6142	Cross-Site Scripting and Input Validation vulnerability in SquirrelMail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." network squirrelmail	6.8
2006-08-11	CVE-2006-4019	Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. network low complexity squirrelmail	6.4
2006-07-18	CVE-2006-3665	Unspecified vulnerability in Squirrelmail 1.4.6 SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. network squirrelmail	4.3

Vulnerabilities > Squirrelmail {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Squirrelmail"}]}

Vulnerabilities > Squirrelmail