Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube roundcube webmail 1.1.1 vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
356
VMScore
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.0
356
VMScore
CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
383
VMScore
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1.0
445
VMScore
CVE-2015-5383
Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
Roundcube Webmail 1.1
Roundcube Roundcube Webmail 1.1.1
383
VMScore
CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
383
VMScore
CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Roundcube Webmail 1.1
Roundcube Webmail
Roundcube Webmail 1.1.4
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
383
VMScore
CVE-2016-4068
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.4
Roundcube Webmail
Roundcube Roundcube Webmail 1.1.2
Roundcube Webmail 1.1
Roundcube Roundcube Webmail 1.1.3
312
VMScore
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.2
187
VMScore
CVE-2022-28218
An issue exists in CipherMail Webmail Messenger 1.1.1 up to and including 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
Ciphermail Webmail Messenger
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started