- EPSS 2.3%
- Veröffentlicht 24.02.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:29
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
CVE-2006-0195
- EPSS 2.03%
- Veröffentlicht 24.02.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:04
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" speci...
CVE-2006-0188
- EPSS 2%
- Veröffentlicht 24.02.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:03
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than wha...
CVE-2005-2095
- EPSS 4.24%
- Veröffentlicht 13.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:14
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write ar...
CVE-2005-1769
- EPSS 1.83%
- Veröffentlicht 16.06.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:13:39
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
CVE-2004-1036
- EPSS 2.82%
- Veröffentlicht 01.03.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:53
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
CVE-2005-0152
- EPSS 3.61%
- Veröffentlicht 02.02.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:36
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
- EPSS 1.68%
- Veröffentlicht 29.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:27
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
CVE-2005-0104
- EPSS 1.84%
- Veröffentlicht 29.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:31
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
CVE-2005-0103
- EPSS 2.34%
- Veröffentlicht 24.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:30
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.