Squirrelmail

Squirrelmail

65 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2006-0377

  • EPSS 1.77%
  • Veröffentlicht 24.02.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

4.3

CVE-2006-0195

  • EPSS 2.74%
  • Veröffentlicht 24.02.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" speci...

4.3

CVE-2006-0188

  • EPSS 1.36%
  • Veröffentlicht 24.02.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than wha...

4.3

CVE-2005-2095

  • EPSS 11.15%
  • Veröffentlicht 13.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write ar...

4.3

CVE-2005-1769

  • EPSS 1.7%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.

6.8

CVE-2004-1036

  • EPSS 3.18%
  • Veröffentlicht 01.03.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

7.5

CVE-2005-0152

  • EPSS 5.71%
  • Veröffentlicht 02.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."

5

CVE-2005-0075

  • EPSS 0.83%
  • Veröffentlicht 29.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

4.3

CVE-2005-0104

  • EPSS 1.37%
  • Veröffentlicht 29.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.

7.5

CVE-2005-0103

  • EPSS 3.45%
  • Veröffentlicht 24.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.