Vulnerabilities > Squirrelmail > Squirrelmail > 1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-14 | CVE-2009-1578 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | 4.3 |
2006-12-05 | CVE-2006-6142 | Cross-Site Scripting and Input Validation vulnerability in SquirrelMail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." network squirrelmail | 6.8 |
2006-02-24 | CVE-2006-0377 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | 5.0 |
2006-02-24 | CVE-2006-0195 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. network squirrelmail | 4.3 |
2006-02-24 | CVE-2006-0188 | Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. network squirrelmail | 4.3 |
2005-07-13 | CVE-2005-2095 | Unspecified vulnerability in Squirrelmail options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. network squirrelmail | 4.3 |
2005-03-01 | CVE-2004-1036 | Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. | 6.8 |
2005-01-29 | CVE-2005-0104 | Unspecified vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. network squirrelmail | 4.3 |
2005-01-29 | CVE-2005-0075 | Unspecified vulnerability in Squirrelmail prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | 5.0 |
2005-01-24 | CVE-2005-0103 | Code Injection vulnerability in Squirrelmail PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. | 7.5 |