Vulnerabilities > Squirrelmail > Squirrelmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-10-04 | CVE-2002-1131 | Cross-Site Scripting Vulnerablities in SquirrelMail Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | 7.5 |
| 2002-08-12 | CVE-2002-0516 | Remote Command Execution vulnerability in SquirrelMail Theme SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. | 10.0 |
| 2001-07-02 | CVE-2001-1159 | Remote Command Execution vulnerability in Squirrelmail 1.0.4/1.0.5 load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | 7.5 |