Skip to main content

Squirrelmail

12 CVEs product

Monthly

CVE-2020-14933 HIGH This Week

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Squirrelmail
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-14932 CRITICAL Act Now

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Squirrelmail
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-12970 MEDIUM POC This Month

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-14955 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14954 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-14953 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14952 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14951 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14950 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-8741 HIGH PATCH This Week

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Squirrelmail Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
4.5%
CVE-2017-7692 HIGH POC THREAT Act Now

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

RCE PHP Squirrelmail
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
15.5%
CVE-2012-2124 MEDIUM This Month

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Denial Of Service Squirrelmail Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.8%
EPSS 1% CVSS 8.8
HIGH This Week

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Squirrelmail
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Squirrelmail
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Squirrelmail +1
NVD GitHub
EPSS 16% CVSS 8.8
HIGH POC THREAT Act Now

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

RCE PHP Squirrelmail
NVD Exploit-DB
EPSS 1% CVSS 5.0
MEDIUM This Month

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Denial Of Service +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy