Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-1000072
iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via networ...
Iredmail Iredmail
7.8
CVSSv3
CVE-2017-16651
Roundcube Webmail prior to 1.1.10, 1.2.x prior to 1.2.7, and 1.3.x prior to 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at th...
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
Roundcube Webmail
Roundcube Webmail 1.3.2
Roundcube Webmail 1.3.1
Roundcube Webmail 1.3.0
Roundcube Webmail 1.2.6
Roundcube Webmail 1.2.5
Roundcube Webmail 1.2.4
Roundcube Webmail 1.2.3
Debian Debian Linux 7.0
Debian Debian Linux 9.0
2 Github repositories
6.1
CVSSv3
CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
7.5
CVSSv3
CVE-2015-5383
Roundcube Webmail 1.1.x prior to 1.1.2 allows remote malicious users to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
6.5
CVSSv3
CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
8.8
CVSSv3
CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions prior to 1.0.11, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
Roundcube Webmail
6.1
CVSSv3
CVE-2016-4068
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1
Roundcube Webmail 1.1.4
6.1
CVSSv3
CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1
Roundcube Webmail 1.1.4
6.1
CVSSv3
CVE-2017-6820
rcube_utils.php in Roundcube prior to 1.1.8 and 1.2.x prior to 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.3
Roundcube Webmail
8.8
CVSSv3
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allow remote malicious users to have unspecified impact via the (1) password or (2) username.
Roundcube Webmail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »