CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2631
https://notcve.org/view.php?id=CVE-2007-2631
13 May 2007 — Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en SquirrelMail 1.4.8-4.fc6 y anteriores permite a atacantes remotos realizar acciones no especificada en usuarios de su elección a través de vectores no especificados. NOTA: Este asunto podrí... • http://osvdb.org/35890 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3174
https://notcve.org/view.php?id=CVE-2006-3174
23 Jun 2006 — Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 3CVE-2006-2842 – Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2006-2842
06 Jun 2006 — PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of is... • https://www.exploit-db.com/exploits/27948 •
CVSS: 6.1EPSS: 11%CPEs: 22EXPL: 1CVE-2005-2095 – SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
https://notcve.org/view.php?id=CVE-2005-2095
13 Jul 2005 — options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. options_identities.php en SquirrelMail 1.4.4 y anteriores usa la función "extract" para procesar la variable "$_POST", lo que permite que atacantes remotos modifiquen o lean las preferencias de otros usuarios, lleven a cabo ataques XSS o escriban ... • https://www.exploit-db.com/exploits/43830 •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2005-0075
https://notcve.org/view.php?id=CVE-2005-0075
29 Jan 2005 — prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 0CVE-2005-0104
https://notcve.org/view.php?id=CVE-2005-0104
29 Jan 2005 — Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2005-0103
https://notcve.org/view.php?id=CVE-2005-0103
24 Jan 2005 — PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 3%CPEs: 22EXPL: 0CVE-2004-1036
https://notcve.org/view.php?id=CVE-2004-1036
16 Nov 2004 — Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 2CVE-2004-0519 – SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0519
03 Jun 2004 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elección como otro usuario y posiblemente robar información de autenticación mediante múltiples ve... • https://www.exploit-db.com/exploits/24068 •
CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 0CVE-2004-0521
https://notcve.org/view.php?id=CVE-2004-0521
03 Jun 2004 — SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Vulnerabilidad de inyección de SQL en SquirrelMail anteriores a 1.4.3 RC1 permite a atacantes remotos ejecutar sentencias SQL no autorizadas, con impacto desconocido, probablemente mediante abook_database.php. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •