Vulnerabilities > Squirrelmail > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-01-20 | CVE-2003-0990 | Remote Command Execution vulnerability in Squirrelmail G/PGP Encryption Plugin The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. | 7.5 |
2002-12-31 | CVE-2002-1650 | Remote Security vulnerability in Squirrelmail 1.2.2 The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | 7.5 |
2002-12-31 | CVE-2002-1648 | Unspecified vulnerability in Squirrelmail 1.2.2 Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | 7.5 |
2002-10-04 | CVE-2002-1131 | Cross-Site Scripting Vulnerablities in SquirrelMail Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | 7.5 |
2001-07-02 | CVE-2001-1159 | Remote Command Execution vulnerability in Squirrelmail 1.0.4/1.0.5 load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | 7.5 |