Vulnerabilities > Squirrelmail

DATE CVE VULNERABILITY TITLE RISK
2007-07-15 CVE-2006-4169 Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a ..
network
low complexity
squirrelmail
5.5
2007-07-10 CVE-2007-3636 Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
squirrelmail
7.5
2007-07-10 CVE-2007-3635 Local Security vulnerability in Squirrelmail GPG Plugin and Squirrelmail
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors.
local
low complexity
squirrelmail
4.3
2007-07-10 CVE-2007-3634 Remote Command Execution vulnerability in Squirrelmail GPG Plugin 2.0
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004.
network
low complexity
squirrelmail
6.5
2007-05-13 CVE-2007-2631 Cross-Site Request Forgery vulnerability in SquirelMail
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
network
low complexity
squirrelmail
7.5
2007-05-11 CVE-2007-2589 Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
network
low complexity
squirrelmail CWE-352
5.0
2007-05-11 CVE-2007-1262 Cross-Site Scripting vulnerability in Squirrelmail
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
4.3
2006-12-05 CVE-2006-6142 Cross-Site Scripting and Input Validation vulnerability in SquirrelMail
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
network
squirrelmail
6.8
2006-08-11 CVE-2006-4019 Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
network
low complexity
squirrelmail
6.4
2006-07-18 CVE-2006-3665 Unspecified vulnerability in Squirrelmail 1.4.6
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors.
network
squirrelmail
4.3