
CVSS: 6.1 • EPSS: 1% • CPEs: 2 • EXPL: 2

04 Oct 2005 — Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. • https://www.exploit-db.com/exploits/26305 •

CVSS: 6.1 • EPSS: 11% • CPEs: 22 • EXPL: 1

13 Jul 2005 — options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files. • https://www.exploit-db.com/exploits/43830 •

CVSS: 6.1 • EPSS: 1% • CPEs: 6 • EXPL: 0

16 Jun 2005 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. • http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html •

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

07 Feb 2005 — viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. • http://www.idefense.com/application/poi/display?id=191&type=vulnerabilities&flashstatus=false •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2005 — ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. • http://marc.info/?l=bugtraq&m=110549426300953&w=2 •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Feb 2005 — Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request. • http://marc.info/?l=bugtraq&m=110549426300953&w=2 •

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 0

02 Feb 2005 — PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." • http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes •

CVSS: 9.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

29 Jan 2005 — prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •

CVSS: 6.1 • EPSS: 1% • CPEs: 22 • EXPL: 0

29 Jan 2005 — Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •

CVSS: 9.8 • EPSS: 3% • CPEs: 21 • EXPL: 0

24 Jan 2005 — PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •