Vulnerabilities > Squirrelmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-23 | CVE-2006-3174 | Cross-Site Scripting vulnerability in SquirrelMail Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | 2.6 |
| 2006-02-24 | CVE-2006-0377 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | 5.0 |
| 2006-02-24 | CVE-2006-0195 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. network squirrelmail | 4.3 |
| 2006-02-24 | CVE-2006-0188 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. network squirrelmail | 4.3 |
| 2005-12-31 | CVE-2005-1924 | Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. | 9.3 |
| 2005-10-04 | CVE-2005-3128 | Cross-Site Scripting vulnerability in SquirrelMail Address Add Plugin 1.9/2.0 Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. network squirrelmail | 4.3 |
| 2005-07-13 | CVE-2005-2095 | Unspecified vulnerability in Squirrelmail options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. network squirrelmail | 4.3 |
| 2005-06-16 | CVE-2005-1769 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. network squirrelmail | 4.3 |
| 2005-05-02 | CVE-2005-0239 | Unspecified vulnerability in Squirrelmail S Mime Plugin 0.4/0.5 viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0184 | Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. | 2.1 |