Page 7 of 41 results (0.012 seconds)

CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Vulnerabilidad de inyección de SQL en SquirrelMail anteriores a 1.4.3 RC1 permite a atacantes remotos ejecutar sentencias SQL no autorizadas, con impacto desconocido, probablemente mediante abook_database.php. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=squirrelmail-cvs&m=108309375029888 http://marc.info/?l=squirrelmail-cvs&m=108532891231712 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11685 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://security.gentoo.org/glsa/glsa •

CVSS: 6.8EPSS: 2%CPEs: 18EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elección como otro usuario y posiblemente robar información de autenticación mediante múltiples vectores de ataque, incluyendo el parámetro mailbox en compose.php. • https://www.exploit-db.com/exploits/24068 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108334862800260 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11531 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://security.gentoo.org/glsa/glsa-200405-16.xml http& •

CVSS: 6.8EPSS: 1%CPEs: 21EXPL: 2

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php. • https://www.exploit-db.com/exploits/24160 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108611554415078&w=2 http://marc.info/?l=squirrelmail-cvs&m=108532891231712 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://www.debian.org/security/2004/dsa-535 http://www.gentoo&# •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 http://www.redhat.com/support/errata/RHSA-2003-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614 •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html http://www.kb.cert.org/vuls/id/153043 http://www.securityfocus.com/bid/3956 https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 •