Vulnerabilities > Squirrelmail > Squirrelmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-05-14 | CVE-2009-1581 | Cross-Site Scripting vulnerability in Squirrelmail functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. | 4.3 |
| 2009-05-14 | CVE-2009-1580 | Improper Authentication vulnerability in Squirrelmail Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | 5.8 |
| 2009-05-14 | CVE-2009-1579 | Code Injection vulnerability in Squirrelmail The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | 6.8 |
| 2009-05-14 | CVE-2009-1578 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | 4.3 |
| 2008-12-05 | CVE-2008-2379 | Cross-Site Scripting vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. | 4.3 |
| 2008-09-24 | CVE-2008-3663 | Cryptographic Issues vulnerability in Squirrelmail 1.4.15 Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
| 2007-12-14 | CVE-2007-6348 | Code Injection vulnerability in Squirrelmail 1.4.11/1.4.12 SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. | 6.8 |
| 2007-07-10 | CVE-2007-3636 | Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. | 7.5 |
| 2007-07-10 | CVE-2007-3635 | Local Security vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. | 4.3 |
| 2007-07-10 | CVE-2007-3634 | Remote Command Execution vulnerability in Squirrelmail GPG Plugin 2.0 Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. | 6.5 |