Page 5 of 26 results (0.040 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en SquirrelMail 1.4.8-4.fc6 y anteriores permite a atacantes remotos realizar acciones no especificada en usuarios de su elección a través de vectores no especificados. NOTA: Este asunto podría solaparse con CVE-2007-2589 o CVE-2002-1648. • http://osvdb.org/35890 http://www.securityfocus.com/archive/1/468220/100/0/threaded http://www.securityfocus.com/archive/1/468253/100/0/threaded •

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html http://secunia.com/advisories/26235 http://www.mandriva.com/security/advisories?name=MDKSA-2006:147 http://www.osvdb.org/26610 http://www.securityfocus.com/bid/18700 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ib •

CVSS: 7.5EPSS: 33%CPEs: 27EXPL: 3

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable • https://www.exploit-db.com/exploits/27948 https://github.com/karthi-the-hacker/CVE-2006-2842 ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/20406 http://secunia.com/advisories/20931 http://secunia.com/advisories/21159 http://secunia.com/advisories/21262 http://secunia.com/advisories/26235 http •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 http://www.redhat.com/support/errata/RHSA-2003-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html http://www.debian.org/security/2002/dsa-191 http://www.iss.net/security_center/static/10345.php http://www.redhat.com/support/errata/RHSA-2002-204.html http://www.securityfocus.com/bid/5949 •