CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2005-0103
https://notcve.org/view.php?id=CVE-2005-0103
24 Jan 2005 — PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 3%CPEs: 22EXPL: 0CVE-2004-1036
https://notcve.org/view.php?id=CVE-2004-1036
16 Nov 2004 — Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 •
CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 2CVE-2004-0639 – SquirrelMail 1.2.x - From Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0639
09 Jul 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script d... • https://www.exploit-db.com/exploits/24167 •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 2CVE-2004-0519 – SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0519
03 Jun 2004 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elección como otro usuario y posiblemente robar información de autenticación mediante múltiples ve... • https://www.exploit-db.com/exploits/24068 •
CVSS: 6.8EPSS: 14%CPEs: 21EXPL: 2CVE-2004-0520 – SquirrelMail 1.x - Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0520
03 Jun 2004 — Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php. • https://www.exploit-db.com/exploits/24160 •
CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 0CVE-2004-0521
https://notcve.org/view.php?id=CVE-2004-0521
03 Jun 2004 — SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Vulnerabilidad de inyección de SQL en SquirrelMail anteriores a 1.4.3 RC1 permite a atacantes remotos ejecutar sentencias SQL no autorizadas, con impacto desconocido, probablemente mediante abook_database.php. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 9.8EPSS: 78%CPEs: 2EXPL: 2CVE-2003-0990 – SquirrelMail PGP Plugin - Command Execution (SMTP)
https://notcve.org/view.php?id=CVE-2003-0990
06 Jan 2004 — The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. El código parseAddress en SquirrelMail 1.4.0 y GPG Plugin 1.1 permite a atacantes remotos ejecutar comandos mediante metacaractéres de shell en el campo "Para:". • https://www.exploit-db.com/exploits/16888 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0160
https://notcve.org/view.php?id=CVE-2003-0160
26 Mar 2003 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1648
https://notcve.org/view.php?id=CVE-2002-1648
31 Dec 2002 — Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1649
https://notcve.org/view.php?id=CVE-2002-1649
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html •