CVE-2004-0639 – SquirrelMail 1.2.x - From Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0639
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script de su elección mediante (1) la variable $mailer en read_body.php, (2) la variable $senderNames_part en mailbox_display.php, y posiblemente otros vectores,incluyendo (3) la variable $event_text. • https://www.exploit-db.com/exploits/24167 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108611554415078&w=2 http://www.debian.org/security/2004/dsa-535 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt http://www.securityfocus.com/bid/10450 https://exchange.xforce.ibmcloud.com/vulnerabilities/16285 •
CVE-2004-0521
https://notcve.org/view.php?id=CVE-2004-0521
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Vulnerabilidad de inyección de SQL en SquirrelMail anteriores a 1.4.3 RC1 permite a atacantes remotos ejecutar sentencias SQL no autorizadas, con impacto desconocido, probablemente mediante abook_database.php. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=squirrelmail-cvs&m=108309375029888 http://marc.info/?l=squirrelmail-cvs&m=108532891231712 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11685 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://security.gentoo.org/glsa/glsa •
CVE-2004-0519 – SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elección como otro usuario y posiblemente robar información de autenticación mediante múltiples vectores de ataque, incluyendo el parámetro mailbox en compose.php. • https://www.exploit-db.com/exploits/24068 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108334862800260 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11531 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://security.gentoo.org/glsa/glsa-200405-16.xml http& •
CVE-2004-0520 – SquirrelMail 1.x - Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0520
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php. • https://www.exploit-db.com/exploits/24160 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108611554415078&w=2 http://marc.info/?l=squirrelmail-cvs&m=108532891231712 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://www.debian.org/security/2004/dsa-535 http://www.gentoo •
CVE-2003-0990 – SquirrelMail PGP Plugin - Command Execution (SMTP)
https://notcve.org/view.php?id=CVE-2003-0990
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. El código parseAddress en SquirrelMail 1.4.0 y GPG Plugin 1.1 permite a atacantes remotos ejecutar comandos mediante metacaractéres de shell en el campo "Para:". • https://www.exploit-db.com/exploits/16888 http://marc.info/?l=bugtraq&m=107247236124180&w=2 http://www.bugtraq.org/advisories/_BSSADV-0001.txt http://www.securityfocus.com/archive/1/348366 http://www.securityfocus.com/bid/9296 https://exchange.xforce.ibmcloud.com/vulnerabilities/14079 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 http://www.wslabi.com/wabisabilabi/initPublishedBid.do? •