CVSS: 7.5EPSS: 68%CPEs: 2EXPL: 2CVE-2003-0990 – SquirrelMail PGP Plugin - Command Execution (SMTP)
https://notcve.org/view.php?id=CVE-2003-0990
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. El código parseAddress en SquirrelMail 1.4.0 y GPG Plugin 1.1 permite a atacantes remotos ejecutar comandos mediante metacaractéres de shell en el campo "Para:". • https://www.exploit-db.com/exploits/16888 http://marc.info/?l=bugtraq&m=107247236124180&w=2 http://www.bugtraq.org/advisories/_BSSADV-0001.txt http://www.securityfocus.com/archive/1/348366 http://www.securityfocus.com/bid/9296 https://exchange.xforce.ibmcloud.com/vulnerabilities/14079 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 http://www.wslabi.com/wabisabilabi/initPublishedBid.do? •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0160
https://notcve.org/view.php?id=CVE-2003-0160
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 http://www.redhat.com/support/errata/RHSA-2003-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2002-1648
https://notcve.org/view.php?id=CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html http://www.kb.cert.org/vuls/id/153043 http://www.securityfocus.com/bid/3956 https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1649
https://notcve.org/view.php?id=CVE-2002-1649
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html http://www.kb.cert.org/vuls/id/153043 http://www.securityfocus.com/bid/3956 https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2002-1650
https://notcve.org/view.php?id=CVE-2002-1650
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html https://exchange.xforce.ibmcloud.com/vulnerabilities/7990 •