Vulnerabilities > Squirrelmail > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-05 | CVE-2006-6142 | Cross-Site Scripting and Input Validation vulnerability in SquirrelMail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." network squirrelmail | 6.8 |
2006-08-11 | CVE-2006-4019 | Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | 6.4 |
2006-07-18 | CVE-2006-3665 | Unspecified vulnerability in Squirrelmail 1.4.6 SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. network squirrelmail | 4.3 |
2006-02-24 | CVE-2006-0377 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | 5.0 |
2006-02-24 | CVE-2006-0195 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. network squirrelmail | 4.3 |
2006-02-24 | CVE-2006-0188 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. network squirrelmail | 4.3 |
2005-10-04 | CVE-2005-3128 | Cross-Site Scripting vulnerability in SquirrelMail Address Add Plugin 1.9/2.0 Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. network squirrelmail | 4.3 |
2005-07-13 | CVE-2005-2095 | Unspecified vulnerability in Squirrelmail options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. network squirrelmail | 4.3 |
2005-06-16 | CVE-2005-1769 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. network squirrelmail | 4.3 |
2005-03-01 | CVE-2004-1036 | Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. | 6.8 |