VYPR

Squirrelmail

by SquirrelMail

CVEs (67)

  • CVE-2002-1648 · Dec 31, 2002
    risk 0.00 cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.

  • CVE-2002-1649 · Dec 31, 2002
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary JavaScript via a javascript: URL in an IMG tag.

  • CVE-2002-1650 · Dec 31, 2002
    risk 0.00 cvss epss 0.04

    The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.

  • CVE-2002-1341 · Dec 18, 2002
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

  • CVE-2002-1276 · Nov 29, 2002
    risk 0.00 cvss epss 0.01

    An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

  • CVE-2002-1132 · Oct 4, 2002
    risk 0.00 cvss epss 0.02

    SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

  • CVE-2001-1159 · Jul 2, 2001
    risk 0.00 cvss epss 0.04

    load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using…
