Vulnerabilities
Vulnerable Software
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.
CVSS Score
5.0
EPSS Score
0.043
Published
2010-08-19
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
CVSS Score
5.8
EPSS Score
0.011
Published
2009-05-14
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVSS Score
6.4
EPSS Score
0.227
Published
2006-08-11
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.
CVSS Score
4.3
EPSS Score
0.097
Published
2005-07-13
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
CVSS Score
4.3
EPSS Score
0.016
Published
2005-06-16
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
CVSS Score
4.3
EPSS Score
0.013
Published
2005-01-29

