Squirrelmail

Squirrelmail

65 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2009-2964

  • EPSS 0.86%
  • Published 25.08.2009 17:30:01
  • Last modified 09.04.2025 00:30:58

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences...

6.8

CVE-2009-1381

Exploit
  • EPSS 0.59%
  • Published 22.05.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a userna...

5.8

CVE-2009-1580

  • EPSS 1.03%
  • Published 14.05.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

4.3

CVE-2009-1578

Exploit
  • EPSS 2.92%
  • Published 14.05.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to c...

6.8

CVE-2009-1579

  • EPSS 4.76%
  • Published 14.05.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

4.3

CVE-2009-1581

  • EPSS 1.29%
  • Published 14.05.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scrip...

6.5

CVE-2009-0030

  • EPSS 1.05%
  • Published 21.01.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the stand...

4.3

CVE-2008-2379

  • EPSS 1.26%
  • Published 05.12.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

5

CVE-2008-3663

  • EPSS 1.27%
  • Published 24.09.2008 14:56:52
  • Last modified 09.04.2025 00:30:58

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

6.8

CVE-2007-6348

  • EPSS 3.31%
  • Published 14.12.2007 19:46:00
  • Last modified 09.04.2025 00:30:58

SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary cod...