Squirrelmail

DATE	CVE	VULNERABILITY TITLE	RISK
2007-05-13	CVE-2007-2631	Cross-Site Request Forgery vulnerability in SquirelMail Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. network low complexity squirrelmail	7.5
2007-05-11	CVE-2007-2589	Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. network low complexity squirrelmail CWE-352	5.0
2007-05-11	CVE-2007-1262	Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. network squirrelmail CWE-79	4.3
2006-12-05	CVE-2006-6142	Cross-Site Scripting and Input Validation vulnerability in SquirrelMail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." network squirrelmail	6.8
2006-08-11	CVE-2006-4019	Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. network low complexity squirrelmail	6.4
2006-07-18	CVE-2006-3665	Unspecified vulnerability in Squirrelmail 1.4.6 SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. network squirrelmail	4.3
2006-06-23	CVE-2006-3174	Cross-Site Scripting vulnerability in SquirrelMail Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. network high complexity squirrelmail	2.6
2006-02-24	CVE-2006-0377	Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." network low complexity squirrelmail	5.0
2006-02-24	CVE-2006-0195	Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/" and "/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. network squirrelmail	4.3
2006-02-24	CVE-2006-0188	Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. network squirrelmail	4.3