Lucene search
K

18 matches found

Metasploit
Metasploit
added 2023/09/06 7:51 p.m.469 views

Roundcube TimeZone Authenticated File Disclosure

Roundcube Webmail allows unauthorized access to arbitrary files on the host's filesystem, including configuration files. This affects all versions from 1.1.0 through version 1.3.2. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires...

7.8CVSS8.1AI score0.42831EPSS
Exploits5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2017-0409)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.42831EPSS
Exploits5References7
Cvelist
Cvelist
added 2021/12/20 10:46 p.m.13 views

CVE-2020-16651

...

Exploits0
CVE
CVE
added 2021/12/20 10:46 p.m.30 views

CVE-2020-16651

This CVE entry is rejected/not used and does not represent an active vulnerability.

6.7AI score
Exploits0
Circl
Circl
added 2021/11/08 8:58 a.m.14 views

CVE-2017-16651

creationtimestamp| type| source ---|---|--- 2021-11-08 08:58:19+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422 2021-11-20 09:53:52+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-09-06 14:59:44+00:00| seen|...

7.8CVSS7.2AI score0.42831EPSS
Exploits5References6
Circl
Circl
added 2021/09/20 6:27 p.m.4 views

CVE-2019-16651

creationtimestamp| type| source ---|---|--- 2021-09-20 18:27:13+00:00| seen| https://t.me/cibsecurity/29110...

5.3CVSS5.5AI score0.01109EPSS
Exploits1References1
CVE
CVE
added 2021/09/20 1:26 p.m.50 views

CVE-2019-16651

CVE-2019-16651 concerns Virgin Media Super Hub 3 (ARRIS TG2492). The SNMP interface allegedly lacks sufficient protection, enabling exploitation via JavaScript and DNS rebinding to leak the user’s WAN IP address. This can reveal the user’s VPN usage and potentially de-anonymize traffic. The Conne...

5.3CVSS5.3AI score0.01109EPSS
Exploits1References2Affected Software1
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.258 views

Roundcube Webmail 1.2 - File Disclosure

Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...

7.8CVSS7.8AI score0.42831EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.37 views

Fedora 27 : roundcubemail (2017-cbc49efae8)

Upstream announcement for version 1.3.3 This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details wi...

7.8CVSS7.5AI score0.42831EPSS
Exploits5References2
Debian
Debian
added 2017/11/28 12:44 a.m.27 views

[SECURITY] [DLA 1193-1] roundcube security update

Package : roundcube Version : 0.7.2-9+deb7u9 CVE ID : CVE-2017-16651 A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. CVE-2017-16651 An authenticated attacker can take advantage of this flaw to read roundcubes configuration fil...

7.8CVSS7.1AI score0.42831EPSS
Exploits5
OpenVAS
OpenVAS
added 2017/11/23 12:0 a.m.36 views

Fedora Update for roundcubemail FEDORA-2017-cbc49efae8

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.42831EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2017/11/22 12:0 a.m.397 views

Roundcube Webmail < 1.1.10, 1.2.x < 1.2.7, 1.3.x < 1.3.3 File Disclosure Vulnerability

Roundcube Webmail is prone to a file disclosure vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

7.8CVSS7.7AI score0.42831EPSS
Exploits5References3
Mageia
Mageia
added 2017/11/16 7:39 a.m.36 views

Updated roundcubemail packages fix security vulnerability

It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insuficient input validation which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials CVE-2017-16651...

7.8CVSS2.8AI score0.42831EPSS
Exploits5References3
Debian
Debian
added 2017/11/09 7:45 p.m.24 views

[SECURITY] [DSA 4030-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4030-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 09, 2017 https://www.debian.org/security/faq -...

7.8CVSS7.4AI score0.42831EPSS
Exploits5
NVD
NVD
added 2017/11/09 2:29 p.m.19 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

7.8CVSS7.3AI score0.42831EPSS
Exploits5References10
Vulnrichment
Vulnrichment
added 2017/11/09 2:0 p.m.5 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

7.3AI score0.42831EPSS
Exploits5References9
CVE
CVE
added 2017/11/09 2:0 p.m.1114 views

CVE-2017-16651

CVE-2017-16651 - Roundcube Webmail file disclosure : Authenticated users can read arbitrary files on the host filesystem via the file-based attachment plugin workflow (_task=settings&_action=upload-display&_from=timezone). Affected versions include Roundcube before 1.1.10, 1.2.x before 1.2.7, and...

7.8CVSS7.2AI score0.42831EPSS
In wildExploits5References10Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2017/11/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-16651

Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...

7.8CVSS7AI score0.42831EPSS
Exploits5References1
Rows per page
Query Builder