Squirrelmail
by SquirrelMail
CVEs (67)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7692 | High | 0.63 | 8.8 | 0.32 | — | Apr 20, 2017 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The… |
| CVE-2018-8741 | High | 0.58 | 8.8 | 0.04 | — | Mar 17, 2018 | A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. |
| CVE-2025-30090 | High | 0.47 | 7.2 | 0.00 | — | Apr 2, 2025 | mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. |
| CVE-2010-1637 | Medium | 0.42 | 6.5 | 0.03 | — | Jun 22, 2010 | The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. |
| CVE-2018-14955 | Medium | 0.40 | 6.1 | 0.01 | — | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). |
| CVE-2018-14954 | Medium | 0.40 | 6.1 | 0.02 | — | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. |
| CVE-2018-14953 | Medium | 0.40 | 6.1 | 0.01 | — | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. |
| CVE-2018-14952 | Medium | 0.40 | 6.1 | 0.01 | — | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<maction xlink:href=" attack. |
| CVE-2018-14951 | Medium | 0.40 | 6.1 | 0.01 | — | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. |
| CVE-2018-14950 | Medium | 0.40 | 6.1 | 0.01 | — | Aug 5, 2018 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<a xlink:href=" attack. |
| CVE-2006-2842 | — | 0.07 | — | 0.47 | — | Jun 6, 2006 | PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue… |
| CVE-2004-0519 | — | 0.05 | — | 0.23 | — | Aug 18, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. |
| CVE-2003-0990 | — | 0.05 | — | 0.29 | — | Jan 20, 2004 | The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. |
| CVE-2002-1131 | — | 0.05 | — | 0.26 | — | Oct 4, 2002 | Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. |
| CVE-2006-4019 | — | 0.04 | — | 0.09 | — | Aug 11, 2006 | Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. |
| CVE-2004-0520 | — | 0.04 | — | 0.07 | — | Aug 18, 2004 | Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. |
| CVE-2002-0516 | — | 0.04 | — | 0.11 | — | Aug 12, 2002 | SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. |
| CVE-2007-3636 | — | 0.03 | — | 0.03 | — | Jul 10, 2007 | Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. |
| CVE-2005-2095 | — | 0.03 | — | 0.04 | — | Jul 13, 2005 | options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files. |
| CVE-2004-0639 | — | 0.03 | — | 0.06 | — | Aug 6, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors… |
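The six CVE-2018-14950 through CVE-2018-14955 entries above all describe markup attributes that a filter checking only `href` and `src` lets through: `xlink:href` on `<a>`, `<math>` and `<maction>`, `formaction` on a button, a `<form action="data:...">`, and an SVG `<animate>` that sets a link target after the page has loaded. The scanner below is an added example, not SquirrelMail's sanitizer: it walks a message body with Python's standard-library HTML parser and flags those attribute families, and it generalizes slightly by also catching scheme-hiding tricks such as `java<TAB>script:`. The sample bodies are constructed here to mirror each entry's description. A production message viewer should allow-list tags and attributes; this deny-list is only a regression check for the specific vectors the table names.

```python
import re
from html.parser import HTMLParser

# Deny-list regression check for the attribute-based XSS vectors in the
# CVE-2018-14950..14955 entries. Illustrative code, not SquirrelMail's
# sanitizer; a real message-display filter should allow-list instead.

_CTRL_WS = re.compile(r"[\x00-\x20]+")          # chars browsers ignore inside a scheme
_BAD_SCHEMES = ("javascript:", "data:", "vbscript:")
_URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


def _normalize(raw):
    """Lower-case and strip control chars so 'java\\tscript:' reads as 'javascript:'."""
    return _CTRL_WS.sub("", raw or "").lower()


class VectorScanner(HTMLParser):
    """Collects (tag, attribute, reason) for every attribute a mail viewer must not pass through."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, raw in attrs:          # html.parser lower-cases tag and attribute names
            value = _normalize(raw)
            if name == "xlink:href":
                # SVG/MathML link attribute (<a>, <math>, <maction>): missed by href-only filters
                self.findings.append((tag, name, "xlink:href link attribute"))
            elif name == "formaction":
                # A button/input can redirect its enclosing form to a javascript: URL
                self.findings.append((tag, name, "formaction override"))
            elif tag == "animate" and name in ("to", "from", "values"):
                # SMIL animation can set href on a parent <a> to a javascript: URL after load
                self.findings.append((tag, name, "SMIL animate target value"))
            elif name in _URL_ATTRS and value.startswith(_BAD_SCHEMES):
                # Covers <form action="data:text/html,..."> and plain javascript: links
                self.findings.append((tag, name, value.split(":", 1)[0] + ": URL"))


def scan(html):
    """Return the list of findings for one message body."""
    scanner = VectorScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample bodies, one per entry; alert(1) stands in for a real payload.
SAMPLES = {
    "CVE-2018-14950": '<a xlink:href="javascript:alert(1)">open</a>',
    "CVE-2018-14951": '<form action="data:text/html,%3Cscript%3Ealert(1)%3C/script%3E"><input type="submit"></form>',
    "CVE-2018-14952": '<math><maction xlink:href="javascript:alert(1)">x</maction></math>',
    "CVE-2018-14953": '<math xlink:href="javascript:alert(1)">x</math>',
    "CVE-2018-14954": '<form><button formaction="javascript:alert(1)">go</button></form>',
    "CVE-2018-14955": '<svg><a><animate attributeName="href" to="javascript:alert(1)"/><text>x</text></a></svg>',
    "benign": '<p>Hi <a href="https://example.com/">there</a> <img src="cid:logo"></p>',
}


def flagged_samples():
    """Map each sample name to whether the scanner flagged it."""
    return {name: bool(scan(body)) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in flagged_samples().items():
        print("%-15s %s" % (name, "FLAGGED" if hit else "clean"))
```

Running the block prints one line per sample; the six CVE bodies are flagged and the benign body is clean. Because `html.parser` decodes character references before handing over attribute values, an entity-encoded `&#106;avascript:` is caught by the same scheme check.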
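The CVE-2018-8741 entry describes a client-supplied att_local_name containing `../` being joined onto the attachment directory and then read or deleted. The check below is an added example of the containment test such a handler should perform; it is illustrative Python, not SquirrelMail's Deliver.class.php, and the attachment directory and the token character set are assumptions. It goes beyond the literal `../` case by also rejecting absolute paths, NUL bytes, backslashes and a symlink planted inside the directory, since `realpath` follows links before the containment comparison.

```python
import os
import re
import tempfile

# Containment check for a client-supplied attachment name, illustrating the
# class of flaw in the CVE-2018-8741 entry. Illustrative code, not
# SquirrelMail's Deliver.class.php; directory and token format are assumed.

# Assumed policy: the server generates the local name itself, so nothing
# outside this character set ever belongs in a request.
_TOKEN = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def safe_attachment_path(attachment_dir, att_local_name):
    """Return the real path of att_local_name inside attachment_dir, or raise ValueError.

    Rejects separators, NUL, dot names and anything whose resolved path
    (after following symlinks) does not sit directly in attachment_dir.
    """
    if not att_local_name or att_local_name in (".", ".."):
        raise ValueError("empty or dot name")
    if "\x00" in att_local_name or "/" in att_local_name or "\\" in att_local_name:
        raise ValueError("separator or NUL in name")
    if not _TOKEN.match(att_local_name):
        raise ValueError("name outside token character set")
    base = os.path.realpath(attachment_dir)
    candidate = os.path.realpath(os.path.join(base, att_local_name))
    # realpath follows symlinks, so a link planted inside the directory that
    # points elsewhere is caught here, not only a literal "../".
    if os.path.dirname(candidate) != base:
        raise ValueError("resolves outside attachment directory")
    return candidate


def demo():
    """Run the check against constructed names in a throwaway directory; returns {label: accepted}."""
    with tempfile.TemporaryDirectory() as tmp:
        attach_dir = os.path.join(tmp, "attach")
        os.mkdir(attach_dir)
        open(os.path.join(attach_dir, "a1b2c3"), "w").close()
        # A link someone with write access to the directory might plant; target is outside it
        os.symlink(os.path.join(tmp, "outside.txt"), os.path.join(attach_dir, "planted"))
        cases = {
            "token": "a1b2c3",
            "missing_token": "zz9",          # well-formed but nonexistent: fine to resolve
            "traversal": "../outside.txt",   # the shape described in CVE-2018-8741
            "absolute": "/etc/passwd",
            "dotdot": "..",
            "nul": "a1b2c3\x00.txt",
            "symlink": "planted",
            "windows_sep": "..\\outside.txt",
        }
        results = {}
        for label, name in cases.items():
            try:
                safe_attachment_path(attach_dir, name)
                results[label] = True
            except ValueError:
                results[label] = False
        return results


if __name__ == "__main__":
    for label, ok in demo().items():
        print("%-14s %s" % (label, "accepted" if ok else "rejected"))
```

The order of the checks matters: NUL and separators are rejected before any filesystem call, because `os.path.realpath` raises on embedded NUL and would otherwise turn a malformed name into an exception path rather than a clean refusal.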
Page 1 of 4