18 matches found
Roundcube TimeZone Authenticated File Disclosure
Roundcube Webmail allows unauthorized access to arbitrary files on the host's filesystem, including configuration files. This affects all versions from 1.1.0 through version 1.3.2. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires...
Mageia: Security Advisory (MGASA-2017-0409)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-16651
...
CVE-2020-16651
This CVE entry is rejected/not used and does not represent an active vulnerability.
CVE-2017-16651
creationtimestamp| type| source ---|---|--- 2021-11-08 08:58:19+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422 2021-11-20 09:53:52+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-09-06 14:59:44+00:00| seen|...
CVE-2019-16651
creationtimestamp| type| source ---|---|--- 2021-09-20 18:27:13+00:00| seen| https://t.me/cibsecurity/29110...
CVE-2019-16651
CVE-2019-16651 concerns Virgin Media Super Hub 3 (ARRIS TG2492). The SNMP interface allegedly lacks sufficient protection, enabling exploitation via JavaScript and DNS rebinding to leak the user’s WAN IP address. This can reveal the user’s VPN usage and potentially de-anonymize traffic. The Conne...
Roundcube Webmail 1.2 - File Disclosure
Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...
Fedora 27 : roundcubemail (2017-cbc49efae8)
Upstream announcement for version 1.3.3 This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details wi...
[SECURITY] [DLA 1193-1] roundcube security update
Package : roundcube Version : 0.7.2-9+deb7u9 CVE ID : CVE-2017-16651 A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. CVE-2017-16651 An authenticated attacker can take advantage of this flaw to read roundcubes configuration fil...
Fedora Update for roundcubemail FEDORA-2017-cbc49efae8
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Roundcube Webmail < 1.1.10, 1.2.x < 1.2.7, 1.3.x < 1.3.3 File Disclosure Vulnerability
Roundcube Webmail is prone to a file disclosure vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insuficient input validation which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials CVE-2017-16651...
[SECURITY] [DSA 4030-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4030-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 09, 2017 https://www.debian.org/security/faq -...
CVE-2017-16651
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...
CVE-2017-16651
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...
CVE-2017-16651
CVE-2017-16651 - Roundcube Webmail file disclosure : Authenticated users can read arbitrary files on the host filesystem via the file-based attachment plugin workflow (_task=settings&_action=upload-display&_from=timezone). Affected versions include Roundcube before 1.1.10, 1.2.x before 1.2.7, and...
VulnCheck KEV: CVE-2017-16651
Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...