cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:*

part: a version: 1.2.6-rc1 update: *

Vendor: Squirrelmail (53f64d69-42c3-5c49-8690-e66c5b6ca053)
Product: Squirrelmail (2ace0a45-e551-5a60-86d7-16eaf090c4a3)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/realityripple/squirrelmail | purl2cpe | 2026-06-01 10:18:10.994091
pkg:rpm/fedora/squirrelmail | purl2cpe | 2026-06-01 10:18:10.994092
pkg:rpm/opensuse/squirrelmail | purl2cpe | 2026-06-01 10:18:10.994094
pkg:sourceforge/squirrelmail | purl2cpe | 2026-06-01 10:18:10.994095

Vulnerability references

Identifier: CVE:CVE-2009-2964
cpeApplicability: vulnerable
Submitted: 2026-06-08 04:51:31.588046
db.gcve.eu details: Details available
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
Published: 2009-08-25T17:00:00.000Z
Updated: 2024-08-07T06:07:37.413Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2009-1381
cpeApplicability: vulnerable
Submitted: 2026-06-08 04:51:22.510143
db.gcve.eu details: Details available
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
Published: 2009-05-22T20:00:00.000Z
Updated: 2024-08-07T05:13:25.559Z
Rationale: Imported from gcve-enriched-dumps CVE data