GCVE - cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*

part: a version: 1.44 update: *

Vendor	Squirrelmail (`53f64d69-42c3-5c49-8690-e66c5b6ca053`)
Product	Squirrelmail (`2ace0a45-e551-5a60-86d7-16eaf090c4a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/realityripple/squirrelmail`	purl2cpe	2026-06-01 10:18:11.045345
`pkg:rpm/fedora/squirrelmail`	purl2cpe	2026-06-01 10:18:11.045347
`pkg:rpm/opensuse/squirrelmail`	purl2cpe	2026-06-01 10:18:11.045349
`pkg:sourceforge/squirrelmail`	purl2cpe	2026-06-01 10:18:11.045350

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-2813`	vulnerable	2026-06-08 04:55:10.845729	Details available functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. Published: 2010-08-19T17:43:00.000Z Updated: 2024-08-07T02:46:48.556Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1580`	vulnerable	2026-06-08 04:51:24.134766	Details available Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.615Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog http://www.vupen.com/english/advisories/2010/1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4019`	vulnerable	2026-06-08 04:49:10.726576	Details available Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. Published: 2006-08-11T21:00:00.000Z Updated: 2024-08-07T18:57:43.887Z Open on db.gcve.eu Reference links http://secunia.com/advisories/21586 https://issues.rpath.com/browse/RPL-577 http://www.vupen.com/english/advisories/2007/2732 http://www.debian.org/security/2006/dsa-1154 http://secunia.com/advisories/21354	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-2095`	vulnerable	2026-06-08 04:48:28.339771	Details available options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. Published: 2005-07-13T04:00:00.000Z Updated: 2024-08-07T22:15:37.326Z Open on db.gcve.eu Reference links http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.securityfocus.com/bid/14254 http://www.securityfocus.com/archive/1/405200 http://www.gulftech.org/?node=research&article_id=00090-07142005 http://www.securityfocus.com/archive/1/405202	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1769`	vulnerable	2026-06-08 04:48:27.481366	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. Published: 2005-06-20T04:00:00.000Z Updated: 2024-08-07T21:59:24.384Z Open on db.gcve.eu Reference links http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:108 http://www.squirrelmail.org/security/issue/2005-06-15 http://marc.info/?l=bugtraq&m=111893827711390&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9852	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0104`	vulnerable	2026-06-08 04:48:11.355771	Details available Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. Published: 2005-02-06T05:00:00.000Z Updated: 2024-08-07T20:57:40.971Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10568 http://secunia.com/advisories/14096 http://www.redhat.com/support/errata/RHSA-2005-135.html http://marc.info/?l=bugtraq&m=110702772714662&w=2 http://www.redhat.com/support/errata/RHSA-2005-099.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.