CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 4CVE-2019-12970 – Ubuntu Security Notice USN-4669-1
https://notcve.org/view.php?id=CVE-2019-12970
01 Jul 2019 — XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. Se detectó un XSS en SquirrelMail hasta la versión 1.4.22 y versión 1.5.x hasta 1.5.2. Debido al manejo inapropiado de los elementos de tipo RCDATA ... • https://packetstorm.news/files/id/153495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 54EXPL: 0CVE-2010-2813 – SquirrelMail: DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password
https://notcve.org/view.php?id=CVE-2010-2813
13 Aug 2010 — functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. functions/imap_general.php en SquirrelMail anterior a v1.4.21 no maneja adecuadamente los caracteres de 8-bits en contraseñas, lo cual permite a atacantes remotos causar una denegación de servicio (consumo de ... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 72EXPL: 0CVE-2009-1580 – SquirrelMail: Session fixation vulnerability
https://notcve.org/view.php?id=CVE-2009-1580
13 May 2009 — Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. Vulnerabilidad de fijación de sesión en SquirrelMail versiones anteriores a v1.4.18 permite a atacantes remotos secuestrar sesiones web a través de una cookie manipulada. Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-287: Improper Authentication CWE-384: Session Fixation •
CVSS: 9.1EPSS: 22%CPEs: 15EXPL: 1CVE-2006-4019 – SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite
https://notcve.org/view.php?id=CVE-2006-4019
11 Aug 2006 — Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. Vulnerabilidad de evaluación de variable dinámica en compose.php en SquirrelMail 1.4.0 hasta la versión 1.4.7 permite a atacantes remotos sobreescribir variables del programa arbitrarias y leer o escribir los archivos adjuntos y preferencias de otros usuarios. James Bercegay of GulfTech Secur... • https://www.exploit-db.com/exploits/43839 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3174 – Mandriva Linux Security Advisory 2006.147
https://notcve.org/view.php?id=CVE-2006-3174
23 Jun 2006 — Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. A cross-site scripting (XSS) vulnerability exists in search.php in SquirrelMail versions 1.5.1 and below, when register_globals is enabled, allowing remote attackers to inject arbitrary HTML via the mailbox parameter. • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 6.1EPSS: 9%CPEs: 22EXPL: 1CVE-2005-2095 – SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
https://notcve.org/view.php?id=CVE-2005-2095
13 Jul 2005 — options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. options_identities.php en SquirrelMail 1.4.4 y anteriores usa la función "extract" para procesar la variable "$_POST", lo que permite que atacantes remotos modifiquen o lean las preferencias de otros usuarios, lleven a cabo ataques XSS o escriban ... • https://www.exploit-db.com/exploits/43830 •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2005-1769 – Gentoo Linux Security Advisory 200506-19
https://notcve.org/view.php?id=CVE-2005-1769
16 Jun 2005 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. James Bercegay of GulfTech Security ... • http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 0CVE-2005-0104 – squirrelInclusion.txt
https://notcve.org/view.php?id=CVE-2005-0104
29 Jan 2005 — Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Upstream developers noticed that an unsanitized variable could lead to cross site scripting. Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges ... • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 6.8EPSS: 4%CPEs: 22EXPL: 0CVE-2004-1036
https://notcve.org/view.php?id=CVE-2004-1036
16 Nov 2004 — Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905 •
CVSS: 6.8EPSS: 4%CPEs: 21EXPL: 2CVE-2004-0639 – SquirrelMail 1.2.x - From Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0639
09 Jul 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script d... • https://www.exploit-db.com/exploits/24167 •