Squirrelmail

squirrelmail

Vendor: Squirrelmail • 64 CVEs

CVEs (64)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2002-1132 1Squirrelmail 1Squirrelmail Apr 16, 2026 Oct 4, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included...Show more SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.Show less
CVE-2002-1131 1Squirrelmail 1Squirrelmail Apr 16, 2026 Oct 4, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVE-2002-0516 1Squirrelmail 1Squirrelmail Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
CVE-2001-1159 1Squirrelmail 1Squirrelmail Apr 16, 2026 Jul 2, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir op...Show more load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.Show less

Previous 1 2 34