Squirrelmail : Security Vulnerabilities, CVEs, Published In 2010
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.
Max CVSS
5.0
EPSS Score
11.47%
Published
2010-08-19
Updated
2017-08-17
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
Max CVSS
6.5
EPSS Score
0.32%
Published
2010-06-22
Updated
2024-02-08
2 vulnerabilities found