1631 matches found
Potential remote code execution in zend-mail via Sendmail adapter
More info at https://framework.zend.com/security/advisory/ZF2016-04...
Roundcube steps/mail/sendmail.inc Arbitrary Code Execution Vulnerability
Roundcube is a browser-based IMAP email client that supports address book management, message searching, spell checking and more. An arbitrary code execution vulnerability exists in Roundcube steps/mail/sendmail.inc. Because the program fails to restrict the use of custom envelope addresse...
openSUSE Security Update : roundcubemail (openSUSE-2016-1419)
roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scriptin...
Roundcube 1.2.2 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications. Roundcube 1.2.2: Command Execution via Email. You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with...
Roundcube 1.2.2 Command Execution
Roundcube 1.2.2: Command Execution via Email. You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with RIPS. Introduction: Roundcube is a widely...
Roundcube 1.2.2 - Remote Code Execution
Roundcube 1.2.2 - Remote Code Execution. Roundcube 1.2.2: Command Execution via Email. You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with RIPS...
UBUNTU-CVE-2016-9920
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...
DEBIAN-CVE-2016-9920
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...
CVE-2016-9920
CVE-2016-9920 affects Roundcube before 1.1.7 and 1.2.x before 1.2.3. When no SMTP server is configured and sendmail is enabled, steps/mail/sendmail.inc does not properly restrict custom envelope-from addresses on the sendmail command line, allowing a remote authenticated user to execute arbitrary...
Roundcube 1.2.2 command execution via email: vulnerability analysis - vulnerability warning - the black bar safety net
Foreword: Roundcube is open-source webmail software that is widely distributed and used by many organizations and companies around the world. According to its SourceForge mirror, it has had 26 million downloads in the past year, and that is only a small part of its actual users. As...
Roundcube 1.2.2: Command Execution via Email
Chinese analysis: http://paper.seebug.org/138/ Author: p0wd3r, LG (Knownsec 404 Security Lab). Roundcube is a widely distributed open-source webmail software used by many organizations and companies around the globe. The mirror on SourceForge, for example, counts more than 260,000 downloads in the last 12 months, which is on...
openSUSE Security Update : roundcubemail (openSUSE-2016-1418)
This update for roundcubemail fixes the following issues : - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A malicious...
Security update for roundcubemail (important)
roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scripting usi...
Critical Vulnerability Patched in Roundcube Webmail
Open source webmail provider Roundcube has released an update that addresses a critical vulnerability in all default configurations that could allow an attacker to run arbitrary code on the host operating system. The flaw is serious because it’s relatively simple to exploit and can allow an...
Roundcube Webmail < 1.1.7, 1.2.x < 1.2.3 RCE Vulnerability
Roundcube Webmail is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
PT-2016-7880
Name of the Vulnerable Software and Affected Versions: Roundcube versions prior to 1.1.7; Roundcube versions 1.2.x prior to 1.2.3. Description: The issue allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. This is due to the...