Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail - vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
1 Github repository
4.3
CVSSv2
CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Roundcube Webmail 1.1
Roundcube Webmail
Roundcube Webmail 1.1.4
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
4.3
CVSSv2
CVE-2016-4068
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.4
Roundcube Webmail
Roundcube Roundcube Webmail 1.1.2
Roundcube Webmail 1.1
Roundcube Roundcube Webmail 1.1.3
4.3
CVSSv2
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1.0
3.5
CVSSv2
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.2
4.3
CVSSv2
CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
5
CVSSv2
CVE-2015-5383
Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
Roundcube Webmail 1.1
Roundcube Roundcube Webmail 1.1.1
10
CVSSv2
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer prior to 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote malicious users to execute arbitrary code via crafted input that is processed by the ...
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2.3
2 EDB exploits
5
CVSSv2
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote malicious users to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
Roundcube Webmail -
5
CVSSv2
CVE-2018-19205
Roundcube prior to 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for malicious users to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Roundcube Webmail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »