Squirrelmail

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request

CVE-2020-14932 9.8 - Critical - June 20, 2020

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

Marshaling, Unmarshaling

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request

CVE-2020-14933 8.8 - High - June 20, 2020

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).

Marshaling, Unmarshaling

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2

CVE-2019-12970 6.1 - Medium - July 01, 2019

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.

XSS

The mail message display page in SquirrelMail through 1.4.22 has XSS

CVE-2018-14950 6.1 - Medium - August 05, 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.

XSS

The mail message display page in SquirrelMail through 1.4.22 has XSS

CVE-2018-14951 6.1 - Medium - August 05, 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

XSS

The mail message display page in SquirrelMail through 1.4.22 has XSS

CVE-2018-14952 6.1 - Medium - August 05, 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

XSS

The mail message display page in SquirrelMail through 1.4.22 has XSS

CVE-2018-14953 6.1 - Medium - August 05, 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

XSS

The mail message display page in SquirrelMail through 1.4.22 has XSS

CVE-2018-14954 6.1 - Medium - August 05, 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.

XSS

The mail message display page in SquirrelMail through 1.4.22 has XSS

CVE-2018-14955 6.1 - Medium - August 05, 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

XSS

A directory traversal flaw in SquirrelMail 1.4.22

CVE-2018-8741 8.8 - High - March 17, 2018

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.

Directory traversal

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which

CVE-2012-2124 - January 18, 2013

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

Resource Management Errors

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier

CVE-2010-1637 6.5 - Medium - June 22, 2010

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

XSPA

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string

CVE-2009-1381 - May 22, 2009

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which

CVE-2009-0030 - January 21, 2009

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.

authentification

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled

CVE-2006-2842 - June 06, 2006

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable