Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail - vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the password.
Roundcube Webmail
4.3
CVSSv2
CVE-2016-4552
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Roundcube Webmail 1.2
6
CVSSv2
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
1 Github repository
6.8
CVSSv2
CVE-2016-4069
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail prior to 1.1.5 allows remote malicious users to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Opensuse Leap 42.1
Roundcube Webmail
4
CVSSv2
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
6
CVSSv2
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
1 EDB exploit
4.3
CVSSv2
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.1
Roundcube Webmail
3.5
CVSSv2
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Roundcube Webmail
Roundcube Webmail 1.1.0
Roundcube Webmail 1.1.2
Roundcube Webmail 1.1.1
4.3
CVSSv2
CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube prior to 1.0.5 does not properly quote strings, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Roundcube Webmail
Fedoraproject Fedora 21
6.8
CVSSv2
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail prior to 1.0.4 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Roundcube Webmail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »