Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube roundcube vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-19205
Roundcube prior to 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for malicious users to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Roundcube Webmail
4.3
CVSSv2
CVE-2007-6321
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and previous versions versions, when using Internet Explorer, allows remote malicious users to inject arbitrary web script or HTML via style sheets containing expression commands.
Roundcube Webmail
1 EDB exploit
5
CVSSv2
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote malicious users to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
Roundcube Webmail -
6.5
CVSSv2
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allow remote malicious users to have unspecified impact via the (1) password or (2) username.
Roundcube Webmail
5
CVSSv2
CVE-2018-1000071
roundcube version 1.3.4 and previous versions contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
Roundcube Webmail
6.8
CVSSv2
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail prior to 1.0.4 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Roundcube Webmail
3.5
CVSSv2
CVE-2020-18671
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
Roundcube Webmail
4.3
CVSSv2
CVE-2021-46144
Roundcube prior to 1.4.13 and 1.5.x prior to 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Roundcube Roundcube
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2016-4552
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Roundcube Webmail 1.2
4.3
CVSSv2
CVE-2012-3508
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote malicious users to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
Roundcube Webmail 0.8.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »