Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube roundcube vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.0.9 and 1.1.x prior to 1.1.5 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Roundcube Webmail 1.1
Roundcube Webmail
Roundcube Webmail 1.1.4
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
383
VMScore
CVE-2017-6820
rcube_utils.php in Roundcube prior to 1.1.8 and 1.2.x prior to 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
Roundcube Webmail
Roundcube Webmail 1.2.3
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.0
801
VMScore
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the password.
Roundcube Webmail
578
VMScore
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allow remote malicious users to have unspecified impact via the (1) password or (2) username.
Roundcube Webmail
383
VMScore
CVE-2016-4552
Cross-site scripting (XSS) vulnerability in Roundcube Webmail prior to 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Roundcube Webmail 1.2
534
VMScore
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
1 Github repository
605
VMScore
CVE-2016-4069
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail prior to 1.1.5 allows remote malicious users to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Opensuse Leap 42.1
Roundcube Webmail
605
VMScore
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
383
VMScore
CVE-2015-8793
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability th...
Roundcube Webmail 1.1.1
Roundcube Webmail
Roundcube Webmail 1.1.0
356
VMScore
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »