CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2006-0377
https://notcve.org/view.php?id=CVE-2006-0377
24 Feb 2006 — CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." • ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc •
CVSS: 6.1EPSS: 11%CPEs: 22EXPL: 1CVE-2005-2095 – SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
https://notcve.org/view.php?id=CVE-2005-2095
13 Jul 2005 — options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. options_identities.php en SquirrelMail 1.4.4 y anteriores usa la función "extract" para procesar la variable "$_POST", lo que permite que atacantes remotos modifiquen o lean las preferencias de otros usuarios, lleven a cabo ataques XSS o escriban ... • https://www.exploit-db.com/exploits/43830 •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2005-1769
https://notcve.org/view.php?id=CVE-2005-1769
16 Jun 2005 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. • http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2005-0075
https://notcve.org/view.php?id=CVE-2005-0075
29 Jan 2005 — prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 0CVE-2005-0104
https://notcve.org/view.php?id=CVE-2005-0104
29 Jan 2005 — Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2005-0103
https://notcve.org/view.php?id=CVE-2005-0103
24 Jan 2005 — PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 3%CPEs: 22EXPL: 0CVE-2004-1036
https://notcve.org/view.php?id=CVE-2004-1036
16 Nov 2004 — Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 •
CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 2CVE-2004-0639 – SquirrelMail 1.2.x - From Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0639
09 Jul 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script d... • https://www.exploit-db.com/exploits/24167 •
CVSS: 6.8EPSS: 14%CPEs: 21EXPL: 2CVE-2004-0520 – SquirrelMail 1.x - Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0520
03 Jun 2004 — Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php. • https://www.exploit-db.com/exploits/24160 •