Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail 1.1.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allow remote malicious users to have unspecified impact via the (1) password or (2) username.
Roundcube Webmail
8.8
CVSSv3
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the password.
Roundcube Webmail
7.5
CVSSv3
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
6.1
CVSSv3
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1.0
6.5
CVSSv3
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.0
NA
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started