Vulnerabilities > Squirrelmail > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-14 | CVE-2009-1578 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | 4.3 |
2008-12-05 | CVE-2008-2379 | Cross-Site Scripting vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. | 4.3 |
2008-09-24 | CVE-2008-3663 | Cryptographic Issues vulnerability in Squirrelmail 1.4.15 Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2007-12-14 | CVE-2007-6348 | Code Injection vulnerability in Squirrelmail 1.4.11/1.4.12 SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. | 6.8 |
2007-07-15 | CVE-2007-3779 | File-Upload vulnerability in Squirrelmail GPG Plugin 2.1 PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. network squirrelmail | 4.3 |
2007-07-15 | CVE-2006-4169 | Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. | 5.5 |
2007-07-10 | CVE-2007-3635 | Local Security vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. | 4.3 |
2007-07-10 | CVE-2007-3634 | Remote Command Execution vulnerability in Squirrelmail GPG Plugin 2.0 Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. | 6.5 |
2007-05-11 | CVE-2007-2589 | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | 5.0 |
2007-05-11 | CVE-2007-1262 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | 4.3 |