Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-4069
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail prior to 1.1.5 allows remote malicious users to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Opensuse Leap 42.1
Roundcube Webmail
6
CVSSv2
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
4.3
CVSSv2
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1.0
4
CVSSv2
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.0
3.5
CVSSv2
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail 1.1.2
4.3
CVSSv2
CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube prior to 1.0.5 does not properly quote strings, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Roundcube Webmail
Fedoraproject Fedora 21
6.8
CVSSv2
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail prior to 1.0.4 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Roundcube Webmail
5
CVSSv2
CVE-2013-1904
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail prior to 0.7.3 and 0.8.x prior to 0.8.6 allows remote malicious users to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf ac...
Roundcube Webmail 0.8.2
Roundcube Webmail 0.8.1
Roundcube Webmail 0.8.0
Roundcube Webmail
Roundcube Webmail 0.4
Roundcube Webmail 0.3.1
Roundcube Webmail 0.3
Roundcube Webmail 0.1
Roundcube Webmail 0.5.2
Roundcube Webmail 0.5.1
Roundcube Webmail 0.5
Roundcube Webmail 0.2
Roundcube Webmail 0.1.1
Roundcube Webmail 0.8.5
Roundcube Webmail 0.8.3
Roundcube Webmail 0.7.1
Roundcube Webmail 0.6
Roundcube Webmail 0.5.3
Roundcube Webmail 0.4.1
Roundcube Webmail 0.2.1
Roundcube Webmail 0.8.4
Roundcube Webmail 0.7
7.5
CVSSv2
CVE-2013-6172
steps/utils/save_pref.inc in Roundcube webmail prior to 0.8.7 and 0.9.x prior to 0.9.5 allows remote malicious users to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary c...
Roundcube Webmail 0.9
Roundcube Webmail 0.8.2
Roundcube Webmail 0.8.1
Roundcube Webmail 0.5.3
Roundcube Webmail 0.5.2
Roundcube Webmail 0.4
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2
Roundcube Webmail 0.1
Roundcube Webmail 0.9.3
Roundcube Webmail 0.9.2
Roundcube Webmail
Roundcube Webmail 0.8.5
Roundcube Webmail 0.7.2
Roundcube Webmail 0.7.1
Roundcube Webmail 0.7
Roundcube Webmail 0.5
Roundcube Webmail 0.3
Roundcube Webmail 0.1.1
Roundcube Webmail 0.9.1
Roundcube Webmail 0.9.0
Roundcube Webmail 0.8.4
3.5
CVSSv2
CVE-2013-5646
Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.
Roundcube Webmail 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »