
CVE-2008-3663 – squirrelmail: session hijacking - secure flag not set for HTTPS-only cookies
https://notcve.org/view.php?id=CVE-2008-3663
24 Sep 2008 — Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. • http://int21.de/cve/CVE-2008-3663-squirrelmail.html • CWE-310: Cryptographic Issues •

CVE-2007-6348
https://notcve.org/view.php?id=CVE-2007-6348
14 Dec 2007 — SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. • http://marc.info/?l=bugtraq&m=119765643909825&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2006-4169
https://notcve.org/view.php?id=CVE-2006-4169
15 Jul 2007 — Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555 •

CVE-2007-3778
https://notcve.org/view.php?id=CVE-2007-3778
15 Jul 2007 — The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 •

CVE-2007-3779
https://notcve.org/view.php?id=CVE-2007-3779
15 Jul 2007 — PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. • http://osvdb.org/37930 •

CVE-2007-3634
https://notcve.org/view.php?id=CVE-2007-3634
10 Jul 2007 — Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other C... • http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html •

CVE-2007-3635
https://notcve.org/view.php?id=CVE-2007-3635
10 Jul 2007 — Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634. • http://osvdb.org/45789 •

CVE-2007-3636 – SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3636
10 Jul 2007 — Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. • https://www.exploit-db.com/exploits/30283 •

CVE-2007-2631
https://notcve.org/view.php?id=CVE-2007-2631
13 May 2007 — Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648. • http://osvdb.org/35890 •

CVE-2007-1262 – XSS through HTML message in squirrelmail
https://notcve.org/view.php?id=CVE-2007-1262
11 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. • http://docs.info.apple.com/article.html?artnum=306172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •