Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions prior to 1.0.11, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
Roundcube Webmail
7.5
CVSSv3
CVE-2018-1000071
roundcube version 1.3.4 and previous versions contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
Roundcube Webmail
8.8
CVSSv3
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the password.
Roundcube Webmail
8.8
CVSSv3
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allow remote malicious users to have unspecified impact via the (1) password or (2) username.
Roundcube Webmail
NA
CVE-2007-6321
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and previous versions versions, when using Internet Explorer, allows remote malicious users to inject arbitrary web script or HTML via style sheets containing expression commands.
Roundcube Webmail
1 EDB exploit
5.4
CVSSv3
CVE-2020-18671
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
Roundcube Webmail
NA
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote malicious users to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
Roundcube Webmail -
6.1
CVSSv3
CVE-2016-4552
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Roundcube Webmail 1.2
NA
CVE-2009-0413
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote malicious users to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
Roundcube Webmail 0.2
5.4
CVSSv3
CVE-2020-18670
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
Roundcube Webmail 1.4.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »