roundcube webmail vulnerabilities and exploits
6.8
CVSSv2
CVE-2009-4077
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and previous versions allows remote malicious users to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-200...
Roundcube Webmail
Roundcube Webmail 0.1
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.2.1
6.8
CVSSv2
CVE-2009-4076
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and previous versions allows remote malicious users to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2...
Roundcube Webmail
Roundcube Webmail 0.1
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.2.1
6.5
CVSSv2
CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions prior to 1.0.11, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
Roundcube Webmail
6.5
CVSSv2
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allow remote malicious users to have unspecified impact via the (1) password or (2) username.
Roundcube Webmail
6
CVSSv2
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
1 Github repository
6
CVSSv2
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
1 EDB exploit
5.5
CVSSv2
CVE-2011-1492
steps/utils/modcss.inc in Roundcube Webmail prior to 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server...
Roundcube Webmail 0.1
Roundcube Webmail 0.4
Roundcube Webmail 0.3
Roundcube Webmail 0.5
Roundcube Webmail 0.2
Roundcube Webmail 0.4.2
Roundcube Webmail
Roundcube Webmail 0.1.1
Roundcube Webmail 0.4.1
Roundcube Webmail 0.3.1
Roundcube Webmail 0.2.1
5
CVSSv2
CVE-2018-19205
Roundcube prior to 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for malicious users to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Roundcube Webmail
5
CVSSv2
CVE-2018-1000072
iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user's password-protected secret GPG key file and other important configuration files. This attack appears to be exploitable via networ...
Iredmail Iredmail
5
CVSSv2
CVE-2018-1000071
Roundcube version 1.3.4 and previous versions contain an Insecure Permissions vulnerability in the enigma plugin that can result in exfiltration of the GPG private key. This attack appears to be exploitable via network connectivity.
Roundcube Webmail