ID: FEDORA:AE21622DFC
Type: fedora
Reporter: Fedora
Modified: 2013-10-31T02:59:02
Description
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2.
{"id": "FEDORA:AE21622DFC", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 18 Update: roundcubemail-0.9.5-1.fc18", "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. ", "published": "2013-10-31T02:59:02", "modified": "2013-10-31T02:59:02", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2012-6121", "CVE-2013-6172"], "lastseen": "2020-12-21T08:17:52", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6121", "CVE-2013-6172"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310867007", "OPENVAS:1361412562310866918", "OPENVAS:1361412562310121146", "OPENVAS:867041", "OPENVAS:867007", "OPENVAS:1361412562310867041", "OPENVAS:865369", "OPENVAS:1361412562310865366", "OPENVAS:1361412562310892787", "OPENVAS:892787"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30104"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2787-1:60087", "DEBIAN:BSA-085:5E784"]}, {"type": "gentoo", "idList": ["GLSA-201402-15"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-130.NASL", "FEDORA_2013-19745.NASL", "GENTOO_GLSA-201402-15.NASL", "OPENSUSE-2013-687.NASL", "FEDORA_2013-19699.NASL", "MANDRIVA_MDVSA-2013-263.NASL", "OPENSUSE-2014-210.NASL", "DEBIAN_DSA-2787.NASL", "FEDORA_2013-19729.NASL"]}, {"type": "fedora", "idList": ["FEDORA:CE09E20D2C", "FEDORA:8658921292", "FEDORA:491AD24696", "FEDORA:3381C20A10", "FEDORA:21E6420D56", "FEDORA:0062920DC6", "FEDORA:AE14F20A60", "FEDORA:0478A2274B"]}], "modified": "2020-12-21T08:17:52", "rev": 
2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-12-21T08:17:52", "rev": 2}, "vulnersScore": 5.9}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "18", "arch": "any", "packageName": "roundcubemail", "packageVersion": "0.9.5", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-12-09T19:47:26", "description": "Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.", "edition": 5, "cvss3": {}, "published": "2013-02-24T21:55:00", "title": "CVE-2012-6121", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6121"], "modified": "2015-08-24T14:22:00", "cpe": ["cpe:/a:roundcube:webmail:0.8.2", "cpe:/a:roundcube:webmail:0.7.3", "cpe:/a:roundcube:webmail:0.8.0", "cpe:/a:roundcube:webmail:0.2.2", "cpe:/a:roundcube:webmail:0.4", "cpe:/a:roundcube:webmail:0.4.2", "cpe:/a:roundcube:webmail:0.2.1", "cpe:/a:roundcube:webmail:0.6", "cpe:/a:roundcube:webmail:0.2", "cpe:/a:roundcube:webmail:0.8.4", "cpe:/a:roundcube:webmail:0.3.1", "cpe:/a:roundcube:webmail:0.1", "cpe:/a:roundcube:webmail:0.5.4", "cpe:/a:roundcube:webmail:0.7.1", "cpe:/a:roundcube:webmail:0.4.1", "cpe:/a:roundcube:webmail:0.5", "cpe:/a:roundcube:webmail:0.7.2", "cpe:/a:roundcube:webmail:0.1.1", "cpe:/a:roundcube:webmail:0.8.3", "cpe:/a:roundcube:webmail:0.5.2", "cpe:/a:roundcube:webmail:0.8.1", "cpe:/a:roundcube:webmail:0.5.1", "cpe:/a:roundcube:webmail:0.5.3", "cpe:/a:roundcube:webmail:0.7", "cpe:/a:roundcube:webmail:0.3"], "id": "CVE-2012-6121", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6121", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:roundcube:webmail:0.8.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:stable:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:stable:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:stable:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:48", "description": "steps/utils/save_pref.inc in Roundcube webmail before 
0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.", "edition": 5, "cvss3": {}, "published": "2013-11-05T18:55:00", "title": "CVE-2013-6172", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6172"], "modified": "2014-03-26T04:54:00", "cpe": ["cpe:/a:roundcube:webmail:0.9.4", "cpe:/a:roundcube:webmail:0.9", "cpe:/a:roundcube:webmail:0.8.2", "cpe:/a:roundcube:webmail:0.7.3", "cpe:/a:roundcube:webmail:0.8.0", "cpe:/a:roundcube:webmail:0.2.2", "cpe:/a:roundcube:webmail:0.9.1", "cpe:/a:roundcube:webmail:0.4", "cpe:/a:roundcube:webmail:0.4.2", "cpe:/a:roundcube:webmail:0.9.0", "cpe:/a:roundcube:webmail:0.9.3", "cpe:/a:roundcube:webmail:0.2.1", "cpe:/a:roundcube:webmail:0.6", "cpe:/a:roundcube:webmail:0.2", "cpe:/a:roundcube:webmail:0.8.6", "cpe:/a:roundcube:webmail:0.8.4", "cpe:/a:roundcube:webmail:0.3.1", "cpe:/a:roundcube:webmail:0.1", "cpe:/a:roundcube:webmail:0.5.4", "cpe:/a:roundcube:webmail:0.7.1", "cpe:/a:roundcube:webmail:0.4.1", "cpe:/a:roundcube:webmail:0.5", "cpe:/a:roundcube:webmail:0.8.5", "cpe:/a:roundcube:webmail:0.7.2", "cpe:/a:roundcube:webmail:0.1.1", "cpe:/a:roundcube:webmail:0.8.3", "cpe:/a:roundcube:webmail:0.5.2", "cpe:/a:roundcube:webmail:0.8.1", "cpe:/a:roundcube:webmail:0.5.1", "cpe:/a:roundcube:webmail:0.5.3", "cpe:/a:roundcube:webmail:0.7", "cpe:/a:roundcube:webmail:0.9.2", 
"cpe:/a:roundcube:webmail:0.3"], "id": "CVE-2013-6172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6172", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:roundcube:webmail:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:stable:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:20050811:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:20051021:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:20050820:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:roundcube:webmail:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:20051007:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:stable:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:0.3:stable:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172", "CVE-2012-6121"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-11-08T00:00:00", "id": "OPENVAS:1361412562310867041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867041", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-19745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-19745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867041\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:34:33 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-6172\", \"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-19745\");\n\n\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-19745\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119896.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.9.5~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:09:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172", "CVE-2012-6121"], "description": "Check for the Version of roundcubemail", "modified": "2018-01-26T00:00:00", "published": "2013-11-08T00:00:00", "id": "OPENVAS:867041", "href": "http://plugins.openvas.org/nasl.php?oid=867041", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-19745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-19745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867041);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:34:33 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-6172\", \"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-19745\");\n\n tag_insight = \"RoundCube Webmail is a browser-based multilingual IMAP client\nwith an application-like user interface. It provides full\nfunctionality you expect from an e-mail client, including MIME\nsupport, address book, folder manipulation, message searching\nand spell checking. RoundCube Webmail is written in PHP and\nrequires a database: MySQL, PostgreSQL and SQLite are known to\nwork. 
The user interface is fully skinnable using XHTML and\nCSS 2.\n\";\n\n tag_affected = \"roundcubemail on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-19745\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119896.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of roundcubemail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.9.5~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:10:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "Check for the Version of roundcubemail", "modified": "2018-01-22T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:865369", "href": "http://plugins.openvas.org/nasl.php?oid=865369", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-2195", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-2195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"roundcubemail on Fedora 18\";\ntag_insight = \"RoundCube Webmail is a browser-based multilingual IMAP client\n with an application-like user interface. It provides full\n functionality you expect from an e-mail client, including MIME\n support, address book, folder manipulation, message searching\n and spell checking. RoundCube Webmail is written in PHP and\n requires the MySQL database or the PostgreSQL database. 
The user\n interface is fully skinnable using XHTML and CSS 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098877.html\");\n script_id(865369);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:58:58 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2195\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-2195\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of roundcubemail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.8.5~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": 
"2019-05-29T18:37:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310866918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866918", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-16192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-16192\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866918\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:42:50 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-16192\");\n\n\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-16192\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115829.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n 
if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.9.4~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:1361412562310865366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865366", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-2177", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-2177\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098903.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865366\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:58:45 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2013-2177\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-2177\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res 
= isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.8.5~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:1361412562310865369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865369", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-2195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-2195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098877.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865369\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:58:58 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2013-2195\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-2195\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res 
= isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.8.5~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-25T10:52:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "Check for the Version of roundcubemail", "modified": "2017-07-10T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:866918", "href": "http://plugins.openvas.org/nasl.php?oid=866918", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-16192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-16192\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866918);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:42:50 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-16192\");\n\n tag_insight = \"RoundCube Webmail is a browser-based multilingual IMAP client\nwith an application-like user interface. It provides full\nfunctionality you expect from an e-mail client, including MIME\nsupport, address book, folder manipulation, message searching\nand spell checking. RoundCube Webmail is written in PHP and\nrequires a database: MySQL, PostgreSQL and SQLite are known to\nwork. 
The user interface is fully skinnable using XHTML and\nCSS 2.\n\";\n\n tag_affected = \"roundcubemail on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-16192\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115829.html\");\n script_summary(\"Check for the Version of roundcubemail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.9.4~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-26T11:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "Check for the Version of roundcubemail", "modified": "2018-01-25T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:865366", "href": "http://plugins.openvas.org/nasl.php?oid=865366", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-2177", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
Fedora Update for roundcubemail FEDORA-2013-2177\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"roundcubemail on Fedora 17\";\ntag_insight = \"RoundCube Webmail is a browser-based multilingual IMAP client\n with an application-like user interface. It provides full\n functionality you expect from an e-mail client, including MIME\n support, address book, folder manipulation, message searching\n and spell checking. RoundCube Webmail is written in PHP and\n requires the MySQL database or the PostgreSQL database. 
The user\n interface is fully skinnable using XHTML and CSS 2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098903.html\");\n script_id(865366);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 09:58:45 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2177\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-2177\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of roundcubemail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.8.5~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": 
"2019-05-29T18:38:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-09-06T00:00:00", "id": "OPENVAS:1361412562310866872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866872", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-15223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-15223\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866872\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 09:35:27 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-15223\");\n\n\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15223\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115095.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n 
if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.9.3~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-02-06T13:10:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "description": "Check for the Version of roundcubemail", "modified": "2018-02-05T00:00:00", "published": "2013-09-06T00:00:00", "id": "OPENVAS:866872", "href": "http://plugins.openvas.org/nasl.php?oid=866872", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2013-15223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2013-15223\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866872);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 09:35:27 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2012-6121\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2013-15223\");\n\n tag_insight = \"RoundCube Webmail is a browser-based multilingual IMAP client\nwith an application-like user interface. It provides full\nfunctionality you expect from an e-mail client, including MIME\nsupport, address book, folder manipulation, message searching\nand spell checking. RoundCube Webmail is written in PHP and\nrequires a database: MySQL, PostgreSQL and SQLite are known to\nwork. 
The user interface is fully skinnable using XHTML and\nCSS 2.\n\";\n\n tag_affected = \"roundcubemail on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15223\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115095.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of roundcubemail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~0.9.3~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6121"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database or the PostgreSQL database. 
The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2013-02-18T06:50:50", "published": "2013-02-18T06:50:50", "id": "FEDORA:CE09E20D2C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: roundcubemail-0.8.5-1.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6121"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database or the PostgreSQL database. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2013-02-18T07:03:14", "published": "2013-02-18T07:03:14", "id": "FEDORA:0062920DC6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: roundcubemail-0.8.5-1.fc17", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6121"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. 
", "modified": "2013-09-03T22:26:23", "published": "2013-09-03T22:26:23", "id": "FEDORA:0478A2274B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: roundcubemail-0.9.3-2.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6121"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2013-09-18T13:08:04", "published": "2013-09-18T13:08:04", "id": "FEDORA:8658921292", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: roundcubemail-0.9.4-1.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6172"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. 
", "modified": "2013-10-26T00:56:27", "published": "2013-10-26T00:56:27", "id": "FEDORA:21E6420D56", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: roundcubemail-0.9.5-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6172"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2013-11-10T07:15:11", "published": "2013-11-10T07:15:11", "id": "FEDORA:491AD24696", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: roundcubemail-0.9.5-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6121", "CVE-2013-1904"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database or the PostgreSQL database. The user interface is fully skinnable using XHTML and CSS 2. 
", "modified": "2013-04-07T00:41:17", "published": "2013-04-07T00:41:17", "id": "FEDORA:AE14F20A60", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: roundcubemail-0.8.6-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6121", "CVE-2013-1904"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database or the PostgreSQL database. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2013-04-07T00:30:14", "published": "2013-04-07T00:30:14", "id": "FEDORA:3381C20A10", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: roundcubemail-0.8.6-1.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-20T12:26:11", "description": "The update to version 0.8.5 includes a fix for an XSS vulnerability.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : roundcubemail (openSUSE-SU-2013:0307-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6121"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:roundcubemail", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-130.NASL", "href": "https://www.tenable.com/plugins/nessus/74895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-130.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(74895);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6121\");\n\n script_name(english:\"openSUSE Security Update : roundcubemail (openSUSE-SU-2013:0307-1)\");\n script_summary(english:\"Check for the openSUSE-2013-130 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The update to version 0.8.5 includes a fix for an XSS vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-02/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"roundcubemail-0.8.5-3.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:55:33", "description": "The remote host is affected by the vulnerability described in GLSA-201402-15\n(Roundcube: Arbitrary code execution)\n\n A vulnerability in steps/utils/save_pref.inc allows remote attackers to\n use the _session parameter to change configuration settings.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, inject SQL code, or read arbitrary files.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-02-12T00:00:00", "title": "GLSA-201402-15 : Roundcube: Arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2014-02-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", 
"p-cpe:/a:gentoo:linux:roundcube"], "id": "GENTOO_GLSA-201402-15.NASL", "href": "https://www.tenable.com/plugins/nessus/72452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201402-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72452);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n script_xref(name:\"GLSA\", value:\"201402-15\");\n\n script_name(english:\"GLSA-201402-15 : Roundcube: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201402-15\n(Roundcube: Arbitrary code execution)\n\n A vulnerability in steps/utils/save_pref.inc allows remote attackers to\n use the _session parameter to change configuration settings.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, inject SQL code, or read arbitrary files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201402-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Roundcube 0.9 users should upgrade to the latest version:\n # emerge --sync\n # 
emerge --ask --oneshot --verbose '>=mail-client/roundcube-0.9.5'\n All Roundcube 0.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/roundcube-0.8.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:roundcube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/roundcube\", unaffected:make_list(\"ge 0.9.5\", \"rge 0.8.7\"), vulnerable:make_list(\"lt 0.9.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Roundcube\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:22", "description": "A vulnerability has been discovered and corrected in roundcubemail :\n\nIt was discovered that roundcube does not properly sanitize the\n_session parameter in steps/utils/save_pref.inc during saving\npreferences. The vulnerability can be exploited to overwrite\nconfiguration settings and subsequently allowing random file access,\nmanipulated SQL queries and even code execution (CVE-2013-6172).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2013-10-30T00:00:00", "title": "Mandriva Linux Security Advisory : roundcubemail (MDVSA-2013:263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2013-10-30T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:roundcubemail"], "id": "MANDRIVA_MDVSA-2013-263.NASL", "href": "https://www.tenable.com/plugins/nessus/70689", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:263. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70689);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n script_xref(name:\"DSA\", value:\"2787\");\n script_xref(name:\"MDVSA\", value:\"2013:263\");\n\n script_name(english:\"Mandriva Linux Security Advisory : roundcubemail (MDVSA-2013:263)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in roundcubemail :\n\nIt was discovered that roundcube does not properly sanitize the\n_session parameter in steps/utils/save_pref.inc during saving\npreferences. 
The vulnerability can be exploited to overwrite\nconfiguration settings and subsequently allowing random file access,\nmanipulated SQL queries and even code execution (CVE-2013-6172).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://roundcube.net/news/2013/10/21/security-updates-095-and-087/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"roundcubemail-0.8.6-1.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:11:17", "description": "Roundcubemail just released new 0.9.5 version with fixes for\nVCE2013-6172(will be available soon).\n\nHotfix:\nhttps://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\n\nFull announcement :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-11-11T00:00:00", "title": "Fedora 20 : roundcubemail-0.9.5-1.fc20 (2013-19699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2013-11-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:roundcubemail"], "id": "FEDORA_2013-19699.NASL", "href": "https://www.tenable.com/plugins/nessus/70823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-19699.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70823);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n 
script_xref(name:\"FEDORA\", value:\"2013-19699\");\n\n script_name(english:\"Fedora 20 : roundcubemail-0.9.5-1.fc20 (2013-19699)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Roundcubemail just released new 0.9.5 version with fixes for\nVCE2013-6172(will be available soon).\n\nHotfix:\nhttps://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\n\nFull announcement :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1021735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1021965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120857.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e523763\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"roundcubemail-0.9.5-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:11:17", "description": "Roundcubemail just released new 0.9.5 version with fixes for\nVCE2013-6172(will be available soon).\n\nHotfix:\nhttps://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\n\nFull announcement :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-10-27T00:00:00", "title": "Fedora 19 : roundcubemail-0.9.5-1.fc19 (2013-19729)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2013-10-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:roundcubemail"], "id": "FEDORA_2013-19729.NASL", "href": "https://www.tenable.com/plugins/nessus/70645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-19729.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70645);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n script_xref(name:\"FEDORA\", value:\"2013-19729\");\n\n script_name(english:\"Fedora 19 : roundcubemail-0.9.5-1.fc19 (2013-19729)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Roundcubemail just released new 0.9.5 version with fixes for\nVCE2013-6172(will be available soon).\n\nHotfix:\nhttps://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\n\nFull announcement :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1021735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1021965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119655.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32211126\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"roundcubemail-0.9.5-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:11:17", "description": "Roundcubemail just released new 0.9.5 version with fixes for\nVCE2013-6172(will be available soon).\n\nHotfix:\nhttps://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\n\nFull announcement :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-10-31T00:00:00", "title": "Fedora 18 : roundcubemail-0.9.5-1.fc18 (2013-19745)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2013-10-31T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:roundcubemail"], "id": "FEDORA_2013-19745.NASL", "href": "https://www.tenable.com/plugins/nessus/70700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-19745.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70700);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n script_xref(name:\"FEDORA\", value:\"2013-19745\");\n\n script_name(english:\"Fedora 18 : roundcubemail-0.9.5-1.fc18 (2013-19745)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Roundcubemail just released new 0.9.5 version with fixes for\nVCE2013-6172(will be available soon).\n\nHotfix:\nhttps://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\n\nFull announcement :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1021735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1021965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119896.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9bc47c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"roundcubemail-0.9.5-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:11", "description": "It was discovered that roundcube, a skinnable AJAX based webmail\nsolution for IMAP servers, does not properly sanitize the _session\nparameter in steps/utils/save_pref.inc during saving preferences. 
The\nvulnerability can be exploited to overwrite configuration settings and\nsubsequently allowing random file access, manipulated SQL queries and\neven code execution.\n\nroundcube in the oldstable distribution (squeeze) is not affected by\nthis problem.", "edition": 16, "published": "2013-10-28T00:00:00", "title": "Debian DSA-2787-1 : roundcube - design error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2013-10-28T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:roundcube"], "id": "DEBIAN_DSA-2787.NASL", "href": "https://www.tenable.com/plugins/nessus/70652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2787. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70652);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n script_xref(name:\"DSA\", value:\"2787\");\n\n script_name(english:\"Debian DSA-2787-1 : roundcube - design error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that roundcube, a skinnable AJAX based webmail\nsolution for IMAP servers, does not properly sanitize the _session\nparameter in steps/utils/save_pref.inc during saving preferences. 
The\nvulnerability can be exploited to overwrite configuration settings and\nsubsequently allowing random file access, manipulated SQL queries and\neven code execution.\n\nroundcube in the oldstable distribution (squeeze) is not affected by\nthis problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/roundcube\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2787\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the roundcube packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.7.2-9+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:roundcube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"roundcube\", reference:\"0.7.2-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-core\", reference:\"0.7.2-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-mysql\", reference:\"0.7.2-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-pgsql\", reference:\"0.7.2-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-plugins\", reference:\"0.7.2-9+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:27:27", "description": "roundcubemail was updated to 0.9.5 to fix bugs and security issues.\n\nFixed security issues :\n\n - CVE-2013-6172: vulnerability in handling _session\n argument of utils/save-prefs\n\nNew upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)\n\n - Fix failing vCard import when email address field\n contains spaces\n\n - Fix default spell-check configuration after Google\n suspended their spell service\n\n - Fix vulnerability in handling _session argument of\n utils/save-prefs\n\n - Fix iframe onload for upload errors handling\n\n - Fix address matching in Return-Path header on identity\n selection\n\n - Fix text wrapping issue 
with long unwrappable lines\n\n - Fixed mispelling: occured -> occurred\n\n - Fixed issues where HTML comments inside style tag would\n hang Internet Explorer\n\n - Fix setting domain in virtualmin password driver\n\n - Hide Delivery Status Notification option when\n smtp_server is unset\n\n - Display full attachment name using title attribute when\n name is too long to display\n\n - Fix attachment icon issue when rare font/language is\n used\n\n - Fix expanded thread root message styling after\n refreshing messages list\n\n - Fix issue where From address was removed from Cc and Bcc\n fields when editing a draft\n\n - Fix error_reporting directive check\n\n - Fix de_DE localization of 'About' label in Help plugin", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6172"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:roundcubemail", "p-cpe:/a:novell:opensuse:php5-pear-Net_IDNA2", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-210.NASL", "href": "https://www.tenable.com/plugins/nessus/75292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-210.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75292);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6172\");\n script_bugtraq_id(63300);\n\n script_name(english:\"openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)\");\n script_summary(english:\"Check for the openSUSE-2014-210 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"roundcubemail was updated to 0.9.5 to fix bugs and security issues.\n\nFixed security issues :\n\n - CVE-2013-6172: vulnerability in handling _session\n argument of utils/save-prefs\n\nNew upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)\n\n - Fix failing vCard import when email address field\n contains spaces\n\n - Fix default spell-check configuration after Google\n suspended their spell service\n\n - Fix vulnerability in handling _session argument of\n utils/save-prefs\n\n - Fix iframe onload for upload errors handling\n\n - Fix address matching in Return-Path header on identity\n selection\n\n - Fix text wrapping issue with long unwrappable lines\n\n - Fixed mispelling: occured -> occurred\n\n - Fixed issues where HTML comments inside style tag would\n hang Internet Explorer\n\n - Fix setting domain in virtualmin password driver\n\n - Hide Delivery Status Notification option when\n smtp_server is unset\n\n - Display full attachment name using title attribute when\n name is too long to display\n\n - Fix attachment icon issue when rare font/language is\n used\n\n - Fix expanded thread root message styling after\n refreshing messages list\n\n - Fix issue where From address was removed from Cc and Bcc\n fields when editing a draft\n\n - Fix error_reporting directive check\n\n - Fix de_DE localization of 'About' label in Help plugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=847179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear-Net_IDNA2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pear-Net_IDNA2-0.1.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"roundcubemail-0.9.5-1.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-Net_IDNA2-0.1.1-5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"roundcubemail-0.9.5-2.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:26:48", "description": "roundcubemail was updated to version 0.9.3 (bnc#837436)\n(CVE-2013-5645)\n\n - Optimized UI behavior for touch devices\n\n - Fix setting refresh_interval to 'Never' in Preferences\n\n - Fix purge action in folder manager\n\n - Fix base URL resolving on attribute values with no\n quotes\n\n - Fix wrong handling of links with '|' character\n\n - Fix colorspace issue on image conversion using\n ImageMagick?\n\n - Fix XSS vulnerability when saving HTML signatures\n\n - Fix XSS vulnerability when editing a message 'as new' or\n draft\n\n - Fix rewrite rule in .htaccess\n\n - Fix detecting Turkish language in ISO-8859-9 encoding\n\n - Fix identity-selection using Return-Path headers\n\n - Fix parsing of links with ... 
in URL\n\n - Fix compose priority selector when opening in new window\n\n - Fix bug where signature wasn't changed on identity\n selection when editing a draft\n\n - Fix IMAP SETMETADATA parameters quoting\n\n - Fix 'could not load message' error on valid empty\n message body\n\n - Fix handling of message/rfc822 attachments on message\n forward and edit\n\n - Fix parsing of square bracket characters in IMAP\n response strings\n\n - Don't clear References and in-Reply-To when a message is\n 'edited as new'\n\n - Fix messages list sorting with THREAD=REFS\n\n - Remove deprecated (in PHP 5.5) PREG /e modifier usage\n\n - Fix empty messages list when register_globals is enabled\n\n - Fix so valid and set date.timezone is not required by\n installer checks\n\n - Canonize boolean ini_get() results\n\n - Fix so install do not fail when one of DB driver checks\n fails but other drivers exist\n\n - Fix so exported vCard specifies encoding in\n v3-compatible format\n\n - Update to version 0.9.2\n\n - Fix image thumbnails display in print mode\n\n - Fix height of message headers block\n\n - Fix timeout issue on drag&drop uploads\n\n - Fix default sorting of threaded list when THREAD=REFS\n isn't supported\n\n - Fix list mode switch to 'List' after saving list\n settings in Larry skin\n\n - Fix error when there's no writeable addressbook source\n\n - Fix zipdownload plugin issue with filenames charset\n\n - Fix so non-inline images aren't skipped on forward\n\n - Fix 'null' instead of empty string on messages list in\n IE10\n\n - Fix legacy options handling\n\n - Fix so bounces addresses in Sender headers are skipped\n on Reply-All\n\n - Fix bug where serialized strings were truncated in\n PDO::quote()\n\n - Fix displaying messages with invalid self-closing HTML\n tags\n\n - Fix PHP warning when responding to a message with many\n Return-Path headers\n\n - Fix unintentional compose window resize\n\n - Fix performance regression in text wrapping function\n\n - Fix connection to 
posgtres db using unix socket\n\n - Fix handling of comma when adding contact from contacts\n widget\n\n - Fix bug where a message was opened in both preview pane\n and new window on double-click\n\n - Fix fatal error when xdebug.max_nesting_level was\n exceeded in rcube_washtml\n\n - Fix PHP warning in html_table::set_row_attribs() in PHP\n 5.4\n\n - Fix invalid option selected in default_font selector\n when font is unset\n\n - Fix displaying contact with ID divisible by 100 in sql\n addressbook\n\n - Fix browser warnings on PDF plugin detection\n\n - Fix fatal error when parsing UUencoded messages\n\n - Update to version 0.9.1\n\n - a lot of bugfixes and smaller improvements\n (http://trac.roundcube.net/wiki/Changelog)\n\n - Update to version 0.9.0\n\n - Improved rendering of forwarded and attached messages\n\n - Optionally display and compose email messages a new\n windows\n\n - Unified UI for message view and composition\n\n - Show sender photos from contacts in email view\n\n - Render thumbnails for image attachments\n\n - Download all attachments as zip archive (using the\n zipdownload plugin)\n\n - Forward multiple emails as attachments\n\n - CSV import for contacts", "edition": 21, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : roundcubemail (openSUSE-SU-2013:1420-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5645", "CVE-2012-6121"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:roundcubemail", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-687.NASL", "href": "https://www.tenable.com/plugins/nessus/75132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-687.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(75132);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6121\", \"CVE-2013-5645\");\n script_bugtraq_id(57849, 61976);\n\n script_name(english:\"openSUSE Security Update : roundcubemail (openSUSE-SU-2013:1420-1)\");\n script_summary(english:\"Check for the openSUSE-2013-687 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"roundcubemail was updated to version 0.9.3 (bnc#837436)\n(CVE-2013-5645)\n\n - Optimized UI behavior for touch devices\n\n - Fix setting refresh_interval to 'Never' in Preferences\n\n - Fix purge action in folder manager\n\n - Fix base URL resolving on attribute values with no\n quotes\n\n - Fix wrong handling of links with '|' character\n\n - Fix colorspace issue on image conversion using\n ImageMagick?\n\n - Fix XSS vulnerability when saving HTML signatures\n\n - Fix XSS vulnerability when editing a message 'as new' or\n draft\n\n - Fix rewrite rule in .htaccess\n\n - Fix detecting Turkish language in ISO-8859-9 encoding\n\n - Fix identity-selection using Return-Path headers\n\n - Fix parsing of links with ... 
in URL\n\n - Fix compose priority selector when opening in new window\n\n - Fix bug where signature wasn't changed on identity\n selection when editing a draft\n\n - Fix IMAP SETMETADATA parameters quoting\n\n - Fix 'could not load message' error on valid empty\n message body\n\n - Fix handling of message/rfc822 attachments on message\n forward and edit\n\n - Fix parsing of square bracket characters in IMAP\n response strings\n\n - Don't clear References and in-Reply-To when a message is\n 'edited as new'\n\n - Fix messages list sorting with THREAD=REFS\n\n - Remove deprecated (in PHP 5.5) PREG /e modifier usage\n\n - Fix empty messages list when register_globals is enabled\n\n - Fix so valid and set date.timezone is not required by\n installer checks\n\n - Canonize boolean ini_get() results\n\n - Fix so install do not fail when one of DB driver checks\n fails but other drivers exist\n\n - Fix so exported vCard specifies encoding in\n v3-compatible format\n\n - Update to version 0.9.2\n\n - Fix image thumbnails display in print mode\n\n - Fix height of message headers block\n\n - Fix timeout issue on drag&drop uploads\n\n - Fix default sorting of threaded list when THREAD=REFS\n isn't supported\n\n - Fix list mode switch to 'List' after saving list\n settings in Larry skin\n\n - Fix error when there's no writeable addressbook source\n\n - Fix zipdownload plugin issue with filenames charset\n\n - Fix so non-inline images aren't skipped on forward\n\n - Fix 'null' instead of empty string on messages list in\n IE10\n\n - Fix legacy options handling\n\n - Fix so bounces addresses in Sender headers are skipped\n on Reply-All\n\n - Fix bug where serialized strings were truncated in\n PDO::quote()\n\n - Fix displaying messages with invalid self-closing HTML\n tags\n\n - Fix PHP warning when responding to a message with many\n Return-Path headers\n\n - Fix unintentional compose window resize\n\n - Fix performance regression in text wrapping function\n\n - Fix connection to 
posgtres db using unix socket\n\n - Fix handling of comma when adding contact from contacts\n widget\n\n - Fix bug where a message was opened in both preview pane\n and new window on double-click\n\n - Fix fatal error when xdebug.max_nesting_level was\n exceeded in rcube_washtml\n\n - Fix PHP warning in html_table::set_row_attribs() in PHP\n 5.4\n\n - Fix invalid option selected in default_font selector\n when font is unset\n\n - Fix displaying contact with ID divisible by 100 in sql\n addressbook\n\n - Fix browser warnings on PDF plugin detection\n\n - Fix fatal error when parsing UUencoded messages\n\n - Update to version 0.9.1\n\n - a lot of bugfixes and smaller improvements\n (http://trac.roundcube.net/wiki/Changelog)\n\n - Update to version 0.9.0\n\n - Improved rendering of forwarded and attached messages\n\n - Optionally display and compose email messages a new\n windows\n\n - Unified UI for message view and composition\n\n - Show sender photos from contacts in email view\n\n - Render thumbnails for image attachments\n\n - Download all attachments as zip archive (using the\n zipdownload plugin)\n\n - Forward multiple emails as attachments\n\n - CSV import for contacts\"\n );\n # http://trac.roundcube.net/wiki/Changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/roundcube/roundcubemail/wiki/Changelog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"roundcubemail-0.9.3-3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"roundcubemail-0.9.3-1.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6172"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:263\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : roundcubemail\r\n Date : October 29, 2013\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in roundcubemail:\r\n \r\n It was discovered that roundcube does not properly sanitize the\r\n _session parameter in steps/utils/save_pref.inc during saving\r\n preferences. 
The vulnerability can be exploited to overwrite\r\n configuration settings and subsequently allowing random file access,\r\n manipulated SQL queries and even code execution (CVE-2013-6172).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6172\r\n http://roundcube.net/news/2013/10/21/security-updates-095-and-087/\r\n http://www.debian.org/security/2013/dsa-2787\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 43db9d920773fff72cdd3f7c7803c1f9 mes5/i586/roundcubemail-0.7.4-0.3mdvmes5.2.noarch.rpm \r\n 7ac3195a316ef50dc456784f64e59cba mes5/SRPMS/roundcubemail-0.7.4-0.3mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 4485b3258928a975c67a84b75fb1c072 mes5/x86_64/roundcubemail-0.7.4-0.3mdvmes5.2.noarch.rpm \r\n 7ac3195a316ef50dc456784f64e59cba mes5/SRPMS/roundcubemail-0.7.4-0.3mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 2daded1fea6474865e158ae03855b54f mbs1/x86_64/roundcubemail-0.8.6-1.2.mbs1.noarch.rpm \r\n 61f64e3bc8423e82f4ec22cd3b6e18fb mbs1/SRPMS/roundcubemail-0.8.6-1.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFSb54/mqjQ0CJFipgRAm41AKCG6FqChSerDwtpz1x/6WY8kaeLKQCgqzqR\r\nXXONcRHgAA4d5lBGPN1g2Vc=\r\n=H0+s\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "SECURITYVULNS:DOC:30104", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30104", "title": "[ MDVSA-2013:263 ] roundcubemail", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:23:02", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6172"], "description": "Package : roundcube\nVulnerability : design error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-6172\nDebian Bug : 727668\n\nIt was discovered that roundcube, a skinnable AJAX based webmail\nsolution for IMAP servers, does not properly sanitize the _session\nparameter in steps/utils/save_pref.inc during saving preferences. 
The\nvulnerability can be exploited to overwrite configuration settings and\nsubsequently allowing random file access, manipulated SQL queries and\neven code execution.\n\nroundcube in the oldstable distribution (squeeze) is not affected by\nthis problem.\n\nFor backports for the oldstable distribution (squeeze-backports-sloppy),\nthis problem has been fixed in 0.9.5-1~bpo60+1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.7.2-9+deb7u1.\n\nFor backports for the stable distribution (wheezy-backports),\nthis problem has been fixed in 0.9.5-1~bpo70+1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.4-1.1.\n\nWe recommend that you upgrade your roundcube packages.\n", "edition": 3, "modified": "2013-12-04T12:16:48", "published": "2013-12-04T12:16:48", "id": "DEBIAN:BSA-085:5E784", "href": "https://lists.debian.org/debian-backports-announce/2013/debian-backports-announce-201312/msg00000.html", "title": "[BSA-085] Security Update for roundcube", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6172"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2787-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nOctober 27, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : roundcube\nVulnerability : design error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-6172\nDebian Bug : 727668\n\nIt was discovered that roundcube, a skinnable AJAX based webmail\nsolution for IMAP servers, does not properly sanitize the _session\nparameter in steps/utils/save_pref.inc during saving preferences. 
The\nvulnerability can be exploited to overwrite configuration settings and\nsubsequently allowing random file access, manipulated SQL queries and\neven code execution.\n\nroundcube in the oldstable distribution (squeeze) is not affected by\nthis problem.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.7.2-9+deb7u1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your roundcube packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-10-27T08:53:34", "published": "2013-10-27T08:53:34", "id": "DEBIAN:DSA-2787-1:60087", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00198.html", "title": "[SECURITY] [DSA 2787-1] roundcube security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6172"], "edition": 1, "description": "### Background\n\nRoundcube is a browser-based multilingual IMAP client with an application-like user interface. \n\n### Description\n\nA vulnerability in steps/utils/save_pref.inc allows remote attackers to use the _session parameter to change configuration settings. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, inject SQL code, or read arbitrary files. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Roundcube 0.9 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/roundcube-0.9.5\"\n \n\nAll Roundcube 0.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/roundcube-0.8.7\"", "modified": "2014-02-11T00:00:00", "published": "2014-02-11T00:00:00", "id": "GLSA-201402-15", "href": "https://security.gentoo.org/glsa/201402-15", "type": "gentoo", "title": "Roundcube: Arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}