Page 10 of 67 results (0.006 seconds)

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. • http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=111893827711390&w=2 http://www.debian.org/security/2005/dsa-756 http://www.mandriva.com/security/advisories?name=MDKSA-2005:108 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.redhat.com/support/errata/RHSA-2005-595.html http://www.squirrelmail.org/security/issue/2005-06&# •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." • http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes http://secunia.com/advisories/14096 http://www.debian.org/security/2005/dsa-662 http://www.kb.cert.org/vuls/id/203214 •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://marc.info/?l=bugtraq&m=110702772714662&w=2 http://secunia.com/advisories/13962 http://secunia.com/advisories/14096 http://www.debian.org/security/2005/dsa-662 http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml http://www.redhat.com/support/errata/RHSA-2005-099.html http://www.redhat.com/support/errata/RHSA-2005-135.html http://www.squirrelmail.org/security/issue/2005-01-20 https •

CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://marc.info/?l=bugtraq&m=110702772714662&w=2 http://secunia.com/advisories/13962 http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml http://www.redhat.com/support/errata/RHSA-2005-099.html http://www.redhat.com/support/errata/RHSA-2005-135.html http://www.squirrelmail.org/security/issue/2005-01-14 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9587 http •

CVSS: 7.5EPSS: 2%CPEs: 21EXPL: 0

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://marc.info/?l=bugtraq&m=110702772714662&w=2 http://secunia.com/advisories/13962 http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml http://www.redhat.com/support/errata/RHSA-2005-099.html http://www.redhat.com/support/errata/RHSA-2005-135.html http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223 https://exchange.xforce.ibmcloud.com/vulnerabilities/19037 https:&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •