Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
Analogic Poste.io 2.1.6
4.3
CVSSv2
CVE-2019-10740
In Roundcube Webmail prior to 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can...
Roundcube Webmail
Fedoraproject Fedora 29
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
5
CVSSv2
CVE-2018-19205
Roundcube prior to 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for malicious users to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Roundcube Webmail
4.3
CVSSv2
CVE-2018-19206
steps/mail/func.inc in Roundcube prior to 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
Roundcube Webmail
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
6.8
CVSSv2
CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform a...
Roundcube Webmail
Debian Debian Linux 9.0
1 Github repository
5
CVSSv2
CVE-2018-1000072
iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via networ...
Iredmail Iredmail
5
CVSSv2
CVE-2018-1000071
roundcube version 1.3.4 and previous versions contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
Roundcube Webmail
4.6
CVSSv2
CVE-2017-16651
Roundcube Webmail prior to 1.1.10, 1.2.x prior to 1.2.7, and 1.3.x prior to 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at th...
Roundcube Webmail 1.3.0
Roundcube Webmail 1.2.5
Roundcube Webmail
Roundcube Webmail 1.3.2
Roundcube Webmail 1.2.3
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.0
Roundcube Webmail 1.3.1
Roundcube Webmail 1.2.6
Roundcube Webmail 1.2.4
Debian Debian Linux 9.0
Debian Debian Linux 7.0
2 Github repositories
4.3
CVSSv2
CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »