Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the password.
Roundcube Webmail
383
VMScore
CVE-2016-4552
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Roundcube Webmail 1.2
534
VMScore
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
1 Github repository
605
VMScore
CVE-2016-4069
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail prior to 1.1.5 allows remote malicious users to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Opensuse Leap 42.1
Roundcube Webmail
605
VMScore
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
1 EDB exploit
356
VMScore
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
383
VMScore
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail
312
VMScore
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.2
Roundcube Webmail 1.1.1
383
VMScore
CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube prior to 1.0.5 does not properly quote strings, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Roundcube Webmail
Fedoraproject Fedora 21
605
VMScore
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail prior to 1.0.4 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Roundcube Webmail
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »