The remote host is vulnerable to multiple attack vectors.
The remote host is running SquirrelMail, a webmail system written in PHP. The version of SquirrelMail installed on the remote host is prone to multiple flaws : - Multiple Cross-Site Scripting Vulnerabilities. Using a specially-crafted URL or email message, an attacker may be able to exploit these flaws, stealing cookie-based session identifiers and thereby hijacking SquirrelMail sessions. - Post Variable Handling Vulnerabilities - Using specially-crafted POST requests, an attacker may be able to set random variables in the file 'options_identities.php', which could lead to accessing other users' preferences, cross-site scripting attacks, and writing to arbitrary files.
Upgrade to version 1.4.5 or higher.