19 matches found
Roundcube Webmail - Command Injection
Roundcube Webmail before 1.4.4 contains a command injection caused by shell metacharacters in configuration settings for imconvertpath or imidentifypath, letting attackers execute arbitrary code, exploit requires attacker to control configuration settings. id: CVE-2020-12641 info: name: Roundcube...
EUVD-2024-36627
Malicious code in bioql PyPI...
CVE-2024-37385
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via imconvertpath and imidentifypath. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...
CVE-2024-37385
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via imconvertpath and imidentifypath. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...
CVE-2024-37385
Affected software: Roundcube Webmail on Windows. Vulnerability: command injection in im_convert_path and im_identify_path present in Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7, due to an incomplete fix for CVE-2020-12641. Impact (per CVSS): high confidentiality, integrity, and availabi...
CVE-2020-12641
creationtimestamp| type| source ---|---|--- 2023-06-22 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-06-28 19:04:46+00:00| seen| https://t.me/itsecnews/2805 2023-12-04 09:23:00+00:00| seen| https://t.me/arpsyndicate/1166 2024-12-24 20:34:37+00:00| seen|...
SUSE CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2020:1516-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Roundcube Webmail Command Injection (CVE-2020-12641)
A command injection vulnerability exists in Roundcube Webmail . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Fedora 32 : roundcubemail (2020-aeffd92b77)
RELEASE 1.4.6 - Installer: Fix regression in SMTP test section 7417 ---- RELEASE 1.4.5 - Fix bug in extracting required plugins from composer.json that led to spurious error in log 7364 - Fix so the database setup description is compatible with MySQL 8 7340 - Markasjunk: Fix regression in jsevent...
Updated roundcubemail packages fix security vulnerability
The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...
MGASA-2020-0261 Updated roundcubemail packages fix security vulnerability
The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...
Roundcube Webmail < 1.3.12, 1.4.x < 1.4.5 Multiple Vulnerabilities
Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail"; if...
Roundcube Webmail < 1.2.10, 1.3.x < 1.3.11, 1.4.x < 1.4.4 Multiple Vulnerabilities
Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail"; if...
CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
UBUNTU-CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...