Searching squirrelmail software vulnerabilities

Cross-site scripting vulnerabilities in Squirre

vulnerabilities | SquirrelMail | Cross-site | scripting |

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.


An incomplete fix for a cross-site scripting (X

cross-site | incomplete | scripting | fix |

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.


Cross-site scripting (XSS) vulnerability in rea

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.


Cross-site request forgery (CSRF) vulnerability

Cross-site | forgery | request |

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.


Cross-site scripting (XSS) vulnerability in rea

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.


The spell checker plugin (check_me.mod.php) for

checker | plugin | spell |

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.


The parseAddress code in (1) SquirrelMail 1.4.0

parseAddress | code |

The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.


Cross-site scripting (XSS) vulnerability in mim

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.


SQL injection vulnerability in SquirrelMail bef

vulnerability | SquirrelMail | injection | before | SQL |

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.


Buffer overflow in the chpasswd command in the

Change_passwd | SquirrelMail | privileges | overflow | chpasswd | command | allows | plugin | before | Buffer | users | local | name | long | user | gain | used | root | via |

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.


PHP remote file inclusion vulnerability in webm

vulnerability | SquirrelMail | webmailphp | inclusion | before | remote | file | PHP |

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.


Cross-site scripting (XSS) vulnerability in web

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.


PHP remote file inclusion vulnerability in Squi

vulnerability | Squirrelmail | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."


ftpfile in the Vacation plugin 0.15 and earlier

Vacation | ftpfile | plugin |

ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.


Directory traversal vulnerability in ftpfile in

vulnerability | Directory | traversal | Vacation | ftpfile | plugin |

Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.


viewcert.php in the S/MIME plugin 0.4 and 0.5 f

metacharacters | Squirrelmail | viewcertphp | arbitrary | attackers | parameter | commands | execute | S/MIME | plugin | remote | allows | shell | cert | via |

viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter.


Buffer overflow in Change passwd 3.1 (chpasswd)

overflow | passwd | Change | Buffer |

Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.


Software vulnerabilities results 1 to 20 of 45     
Page: 123