Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-2842 | 7.5 |
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array p
|
07-08-2024 - 18:15 | 06-06-2006 - 20:06 | |
CVE-2006-4019 | 6.4 |
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. This vulnerability is addressed
|
17-10-2018 - 21:32 | 11-08-2006 - 21:04 | |
CVE-2008-3663 | 5.0 |
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
|
11-10-2018 - 20:49 | 24-09-2008 - 14:56 | |
CVE-2007-2589 | 5.0 |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
|
11-10-2017 - 01:32 | 11-05-2007 - 04:20 | |
CVE-2006-6142 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in
|
11-10-2017 - 01:31 | 05-12-2006 - 11:28 | |
CVE-2006-0377 | 5.0 |
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
|
11-10-2017 - 01:30 | 24-02-2006 - 00:02 | |
CVE-2009-1580 | 5.8 |
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
CVE-2009-1581 | 4.3 |
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scrip
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
CVE-2009-2964 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences
|
19-09-2017 - 01:29 | 25-08-2009 - 17:30 | |
CVE-2011-2753 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order
|
29-08-2017 - 01:29 | 17-07-2011 - 20:55 |