The DBMail driver in the Password plugin in Roundcube prior to 1.1.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the password.
roundcube webmail