Vulnerabilities > Squirrelmail > Squirrelmail > 1.44
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-19 | CVE-2010-2813 | Resource Management Errors vulnerability in Squirrelmail functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. | 5.0 |
2009-05-14 | CVE-2009-1580 | Improper Authentication vulnerability in Squirrelmail Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | 5.8 |
2006-08-11 | CVE-2006-4019 | Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | 6.4 |
2005-07-13 | CVE-2005-2095 | Unspecified vulnerability in Squirrelmail options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. network squirrelmail | 4.3 |
2005-06-16 | CVE-2005-1769 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. network squirrelmail | 4.3 |
2005-01-29 | CVE-2005-0104 | Unspecified vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. network squirrelmail | 4.3 |