Show filters
73 Total Results
Displaying 51-60 of 73
Sort by:
Attacker Value
Unknown

CVE-2005-2095

Disclosure Date: July 13, 2005 (last updated October 04, 2023)
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
0
0
Attacker Value
Unknown

CVE-2005-1769

Disclosure Date: June 16, 2005 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
0
0
Attacker Value
Unknown

CVE-2005-0962

Disclosure Date: May 02, 2005 (last updated February 22, 2025)
SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.
0
0
Attacker Value
Unknown

CVE-2004-1036

Disclosure Date: March 01, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
0
0
Attacker Value
Unknown

CVE-2005-0152

Disclosure Date: February 02, 2005 (last updated February 22, 2025)
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
0
0
Attacker Value
Unknown

CVE-2005-0104

Disclosure Date: January 29, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
0
0
Attacker Value
Unknown

CVE-2005-0075

Disclosure Date: January 29, 2005 (last updated February 22, 2025)
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
0
0
Attacker Value
Unknown

CVE-2005-0103

Disclosure Date: January 24, 2005 (last updated February 22, 2025)
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
0
0
Attacker Value
Unknown

CVE-2004-0521

Disclosure Date: August 18, 2004 (last updated February 22, 2025)
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
0
0
Attacker Value
Unknown

CVE-2004-0520

Disclosure Date: August 18, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
0
0
View More Topics  < Previous  Next >