Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.

Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.