Information on source package squirrelmail

Available versions

ReleaseVersion
jessie2:1.4.23~svn20120406-2+deb8u2
jessie (security)2:1.4.23~svn20120406-2+deb8u4

Resolved issues

BugDescription
CVE-2019-12970XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...
CVE-2018-8741A directory traversal flaw in SquirrelMail 1.4.22 allows an authentica ...
CVE-2018-14955The mail message display page in SquirrelMail through 1.4.22 has XSS v ...
CVE-2018-14954The mail message display page in SquirrelMail through 1.4.22 has XSS v ...
CVE-2018-14953The mail message display page in SquirrelMail through 1.4.22 has XSS v ...
CVE-2018-14952The mail message display page in SquirrelMail through 1.4.22 has XSS v ...
CVE-2018-14951The mail message display page in SquirrelMail through 1.4.22 has XSS v ...
CVE-2018-14950The mail message display page in SquirrelMail through 1.4.22 has XSS v ...
CVE-2017-7692SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allo ...
CVE-2012-2124functions/imap_general.php in SquirrelMail, as used in Red Hat Enterpr ...
CVE-2011-2753Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...
CVE-2011-2752CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...
CVE-2011-2023Cross-site scripting (XSS) vulnerability in functions/mime.php in Squi ...
CVE-2010-4555Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...
CVE-2010-4554functions/page_header.php in SquirrelMail 1.4.21 and earlier does not ...
CVE-2010-2813functions/imap_general.php in SquirrelMail before 1.4.21 does not prop ...
CVE-2010-1637The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...
CVE-2009-2964Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...
CVE-2009-1581functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...
CVE-2009-1580Session fixation vulnerability in SquirrelMail before 1.4.18 allows re ...
CVE-2009-1579The map_yp_alias function in functions/imap_general.php in SquirrelMai ...
CVE-2009-1578Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...
CVE-2009-1381The map_yp_alias function in functions/imap_general.php in SquirrelMai ...
CVE-2009-0030A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...
CVE-2008-3663Squirrelmail 1.4.15 does not set the secure flag for the session cooki ...
CVE-2008-2379Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...
CVE-2007-6348SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net befo ...
CVE-2007-2589Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...
CVE-2007-1262Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...
CVE-2006-6142Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...
CVE-2006-4019Dynamic variable evaluation vulnerability in compose.php in SquirrelMa ...
CVE-2006-3665SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...
CVE-2006-3174Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...
CVE-2006-2842
CVE-2006-0377CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows rem ...
CVE-2006-0195Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...
CVE-2006-0188webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...
CVE-2005-2095options_identities.php in SquirrelMail 1.4.4 and earlier uses the extr ...
CVE-2005-1769Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...
CVE-2005-0152PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows r ...
CVE-2005-0104Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMai ...
CVE-2005-0103PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...
CVE-2005-0075prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...
CVE-2004-1036Cross-site scripting (XSS) vulnerability in the decoding of encoded te ...
CVE-2004-0639Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1. ...
CVE-2004-0521SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows re ...
CVE-2004-0520Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...
CVE-2004-0519Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...
CVE-2003-0990The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...
CVE-2003-0160Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...
CVE-2002-1650The spell checker plugin (check_me.mod.php) for SquirrelMail before 1. ...
CVE-2002-1649Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelM ...
CVE-2002-1648Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...
CVE-2002-1341Cross-site scripting (XSS) vulnerability in read_body.php for Squirrel ...
CVE-2002-1276An incomplete fix for a cross-site scripting (XSS) vulnerability in Sq ...
CVE-2002-1132SquirrelMail 1.2.7 and earlier allows remote attackers to determine th ...
CVE-2002-1131Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier ...

Security announcements

DSA / DLADescription
DLA-1868-1squirrelmail - security update
DLA-1484-1squirrelmail - security update
DLA-1344-1squirrelmail - security update
DSA-4168-1squirrelmail - security update
DLA-941-1squirrelmail - security update
DSA-3852-1squirrelmail - security update
DSA-2291-1squirrelmail - various issues
DSA-2291-1squirrelmail - various issues
DSA-2091-1squirrelmail - cross-site request forgery
DSA-1802-2squirrelmail - incomplete fix
DSA-1802-2squirrelmail - incomplete fix
DSA-1802-1squirrelmail - several vulnerabilities
DSA-1802-1squirrelmail - several vulnerabilities
DSA-1682-1squirrelmail - cross site scripting
DSA-1290-1squirrelmail
DSA-1290-1squirrelmail
DSA-1241-1squirrelmail
DSA-1154squirrelmail - variable overwriting
DSA-988-1squirrelmail - several
DSA-988-1squirrelmail - several
DSA-756-1squirrelmail - several
DSA-756-1squirrelmail - several
DSA-662-1squirrelmail - several
DSA-535squirrelmail - several vulnerabilities
DSA-220squirrelmail - cross site scripting
DSA-191squirrelmail - cross site scripting

Search for package or bug name: Reporting problems