GCVE - cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*

part: a version: 1.4.15 update: *

Vendor	Squirrelmail (`53f64d69-42c3-5c49-8690-e66c5b6ca053`)
Product	Squirrelmail (`2ace0a45-e551-5a60-86d7-16eaf090c4a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2753`	vulnerable	2026-06-08 04:58:09.080349	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:24.126Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 https://bugzilla.redhat.com/show_bug.cgi?id=720694 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2752`	vulnerable	2026-06-08 04:58:09.078055	Details available CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:23.802Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://www.squirrelmail.org/security/issue/2011-07-11 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2023`	vulnerable	2026-06-08 04:58:03.531730	Details available Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-06T22:46:00.972Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-10 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4555`	vulnerable	2026-06-08 04:56:29.191136	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.937Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4554`	vulnerable	2026-06-08 04:56:29.183520	Details available functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.299Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-12 https://bugzilla.redhat.com/show_bug.cgi?id=720693	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2813`	vulnerable	2026-06-08 04:55:10.840326	Details available functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. Published: 2010-08-19T17:43:00.000Z Updated: 2024-08-07T02:46:48.556Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2964`	vulnerable	2026-06-08 04:51:31.600199	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php. Published: 2009-08-25T17:00:00.000Z Updated: 2024-08-07T06:07:37.413Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html https://gna.org/forum/forum.php?forum_id=2146 http://www.vupen.com/english/advisories/2010/1481 http://download.gna.org/nasmail/nasmail-1.7.zip	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1581`	vulnerable	2026-06-08 04:51:24.136761	Details available functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:33.965Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=500356 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1580`	vulnerable	2026-06-08 04:51:24.132718	Details available Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.615Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog http://www.vupen.com/english/advisories/2010/1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1579`	vulnerable	2026-06-08 04:51:24.109536	Details available The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.591Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674 https://gna.org/forum/forum.php?forum_id=2146 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1578`	vulnerable	2026-06-08 04:51:24.106203	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.865Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://gna.org/forum/forum.php?forum_id=2146 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-3663`	vulnerable	2026-06-08 04:50:35.887251	Details available Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Published: 2008-09-24T14:00:00.000Z Updated: 2024-08-07T09:45:19.086Z Open on db.gcve.eu Reference links http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html http://secunia.com/advisories/33937 http://int21.de/cve/CVE-2008-3663-squirrelmail.html http://www.securityfocus.com/bid/31321 http://support.apple.com/kb/HT3438	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2379`	vulnerable	2026-06-08 04:50:23.779598	Details available Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Published: 2008-12-05T00:00:00.000Z Updated: 2024-08-07T08:58:02.253Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/33937 http://secunia.com/advisories/33071 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://secunia.com/advisories/33054	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Squirrelmail

PURL mappings

Vulnerability references

Contribute