Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-2124 | 5.0 |
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP
|
13-02-2023 - 04:33 | 18-01-2013 - 11:48 | |
CVE-2008-3663 | 5.0 |
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
|
11-10-2018 - 20:49 | 24-09-2008 - 14:56 | |
CVE-2007-2589 | 5.0 |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
|
11-10-2017 - 01:32 | 11-05-2007 - 04:20 | |
CVE-2009-1580 | 5.8 |
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
CVE-2009-1581 | 4.3 |
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scrip
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
CVE-2009-2964 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences
|
19-09-2017 - 01:29 | 25-08-2009 - 17:30 | |
CVE-2011-2753 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order
|
29-08-2017 - 01:29 | 17-07-2011 - 20:55 |