Show filters
73 Total Results
Displaying 31-40 of 73
Sort by:
Attacker Value
Unknown

CVE-2008-5263

Disclosure Date: February 26, 2009 (last updated October 04, 2023)
Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file).
0
Attacker Value
Unknown

CVE-2009-0030

Disclosure Date: January 21, 2009 (last updated November 08, 2023)
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
0
Attacker Value
Unknown

CVE-2008-2379

Disclosure Date: December 05, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
0
Attacker Value
Unknown

CVE-2008-3663

Disclosure Date: September 24, 2008 (last updated October 04, 2023)
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
0
Attacker Value
Unknown

CVE-2007-6348

Disclosure Date: December 14, 2007 (last updated October 04, 2023)
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
0
Attacker Value
Unknown

CVE-2007-4439

Disclosure Date: August 21, 2007 (last updated October 04, 2023)
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
0
Attacker Value
Unknown

CVE-2007-3636

Disclosure Date: July 10, 2007 (last updated October 04, 2023)
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
0
Attacker Value
Unknown

CVE-2007-3635

Disclosure Date: July 10, 2007 (last updated October 04, 2023)
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
0
Attacker Value
Unknown

CVE-2007-2631

Disclosure Date: May 13, 2007 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
0
Attacker Value
Unknown

CVE-2007-1262

Disclosure Date: May 11, 2007 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
0