Lucene search
MitreCVELIST:CVE-2016-9920HistoryDec 08, 2016 - 6:00 p.m.
CVE-2016-9920
2016-12-0818:00:00
mitre
raw.githubusercontent.com
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.
Related
nessus
nessus
Fedora 24 : roundcubemail (2016-60753c3dcd)
2016-12-14 00:00:00
Fedora 25 : roundcubemail (2016-d361d188d9)
2016-12-12 00:00:00
Fedora 23 : roundcubemail (2016-b4896f20b3)
2016-12-14 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: roundcubemail-1.2.3-1.fc24
2016-12-13 22:54:34
[SECURITY] Fedora 23 Update: roundcubemail-1.2.3-1.fc23
2016-12-14 00:51:48
[SECURITY] Fedora 25 Update: roundcubemail-1.2.3-1.fc25
2016-12-11 00:30:47
osv
osv
roundcube - security update
2016-12-08 00:00:00
cve
cve
CVE-2016-9920
2016-12-08 18:59:00
CVE-2017-1000204
2017-11-17 20:29:00
openvas
openvas
Fedora Update for roundcubemail FEDORA-2016-60753c3dcd
2016-12-14 00:00:00
Debian: Security Advisory (DLA-737-1)
2023-03-08 00:00:00
Fedora Update for roundcubemail FEDORA-2016-d361d188d9
2016-12-12 00:00:00
gentoo
gentoo
Roundcube: Arbitrary code execution
2016-12-24 00:00:00
seebug
seebug
Roundcube 1.2.2: Command Execution via Email
2016-12-08 00:00:00
ripstech
ripstech
Why mail() is dangerous in PHP
2017-05-03 15:00:00
prion
prion
Server side request forgery (ssrf)
2016-12-08 18:59:00
mageia
mageia
Updated roundcubemail packages fix security vulnerability
2016-12-30 02:39:37
freebsd
freebsd
Roundcube -- arbitrary command execution
2016-11-29 00:00:00
debiancve
debiancve
CVE-2016-9920
2016-12-08 18:59:00
ubuntucve
ubuntucve
CVE-2016-9920
2016-12-08 00:00:00