Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Max CVSS: 6.8 | EPSS Score: 2.29% | Published: 2004-08-18 | Updated: 2017-10-11
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Max CVSS: 6.8 | EPSS Score: 1.84% | Published: 2004-08-18 | Updated: 2017-10-11
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Max CVSS: 6.8 | EPSS Score: 3.29% | Published: 2004-08-06 | Updated: 2017-07-11
Routed allows attackers to append data to files.
Max CVSS: 6.4 | EPSS Score: 3.22% | Published: 1998-10-26 | Updated: 2008-09-09
nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
Max CVSS: 6.4 | EPSS Score: 5.12% | Published: 1999-05-31 | Updated: 2017-12-19
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
Max CVSS: 6.4 | EPSS Score: 0.30% | Published: 2000-04-12 | Updated: 2008-09-10
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
Max CVSS: 6.4 | EPSS Score: 0.64% | Published: 2004-08-18 | Updated: 2017-10-11
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 1994-10-02 | Updated: 2017-12-19
Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 1997-05-07 | Updated: 2016-10-18
addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 1997-05-09 | Updated: 2016-10-18
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
Max CVSS: 6.2 | EPSS Score: 0.13% | Published: 1991-10-22 | Updated: 2008-09-10
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Max CVSS: 6.0 | EPSS Score: 0.04% | Published: 2024-02-28 | Updated: 2024-02-29
12 vulnerabilities found