Vulnerabilities > Squirrelmail > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-20 | CVE-2020-14933 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 8.8 |
| 2020-06-20 | CVE-2020-14932 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. | 7.5 |
| 2018-03-17 | CVE-2018-8741 | Path Traversal vulnerability in multiple products A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. | 8.8 |
| 2007-07-15 | CVE-2007-3778 | Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. | 7.5 |
| 2007-07-10 | CVE-2007-3636 | Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. | 7.5 |
| 2007-05-13 | CVE-2007-2631 | Cross-Site Request Forgery vulnerability in SquirelMail Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | 7.5 |
| 2005-05-02 | CVE-2005-0239 | Unspecified vulnerability in Squirrelmail S Mime Plugin 0.4/0.5 viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0183 | Unspecified vulnerability in Squirrelmail Vacation Plugin ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. | 7.2 |
| 2005-02-02 | CVE-2005-0152 | Unspecified vulnerability in Squirrelmail 1.2.6 PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | 7.5 |
| 2005-01-24 | CVE-2005-0103 | Code Injection vulnerability in Squirrelmail PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. | 7.5 |