CVE-2004-0519 – SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elección como otro usuario y posiblemente robar información de autenticación mediante múltiples vectores de ataque, incluyendo el parámetro mailbox en compose.php. • https://www.exploit-db.com/exploits/24068 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108334862800260 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11531 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://security.gentoo.org/glsa/glsa-200405-16.xml http& •
CVE-2004-0520 – SquirrelMail 1.x - Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0520
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php. • https://www.exploit-db.com/exploits/24160 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108611554415078&w=2 http://marc.info/?l=squirrelmail-cvs&m=108532891231712 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://www.debian.org/security/2004/dsa-535 http://www.gentoo •
CVE-2003-0160
https://notcve.org/view.php?id=CVE-2003-0160
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 http://www.redhat.com/support/errata/RHSA-2003-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614 •
CVE-2002-2086
https://notcve.org/view.php?id=CVE-2002-2086
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. • http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311 http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311 http://www.securityfocus.com/bid/4666 http://www.securityfocus.com/bid/4667 http://www.squirrelmail.org/changelog.php https://exchange.xforce.ibmcloud.com/vulnerabilities/9008 https://exchange.xforce.ibmcloud.com/vulnerabilities/9009 •
CVE-2002-1132
https://notcve.org/view.php?id=CVE-2002-1132
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html http://www.debian.org/security/2002/dsa-191 http://www.iss.net/security_center/static/10345.php http://www.redhat.com/support/errata/RHSA-2002-204.html http://www.securityfocus.com/bid/5949 •