Lucene search
K

19 matches found

Nuclei
Nuclei
added 6 days ago50 views

Roundcube Webmail - Command Injection

Roundcube Webmail before 1.4.4 contains a command injection caused by shell metacharacters in configuration settings for imconvertpath or imidentifypath, letting attackers execute arbitrary code, exploit requires attacker to control configuration settings. id: CVE-2020-12641 info: name: Roundcube...

9.8CVSS7.7AI score0.84456EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-36627

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01477EPSS
Exploits0References3
NVD
NVD
added 2024/06/07 4:15 a.m.53 views

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via imconvertpath and imidentifypath. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...

9.8CVSS0.01477EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/07 3:24 a.m.30 views

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via imconvertpath and imidentifypath. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...

7.9AI score0.01477EPSS
Exploits0References3
CVE
CVE
added 2024/06/07 3:24 a.m.147 views

CVE-2024-37385

Affected software: Roundcube Webmail on Windows. Vulnerability: command injection in im_convert_path and im_identify_path present in Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7, due to an incomplete fix for CVE-2020-12641. Impact (per CVSS): high confidentiality, integrity, and availabi...

9.8CVSS9.8AI score0.01477EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2023/06/22 6:10 p.m.22 views

CVE-2020-12641

creationtimestamp| type| source ---|---|--- 2023-06-22 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-06-28 19:04:46+00:00| seen| https://t.me/itsecnews/2805 2023-12-04 09:23:00+00:00| seen| https://t.me/arpsyndicate/1166 2024-12-24 20:34:37+00:00| seen|...

9.8CVSS7.6AI score0.84456EPSS
In wildExploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.5 views

SUSE CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS9.9AI score0.84456EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2020/09/25 12:0 a.m.30 views

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2020:1516-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.4AI score0.84456EPSS
Exploits4References4
Check Point Advisories
Check Point Advisories
added 2020/08/17 12:0 a.m.25 views

Roundcube Webmail Command Injection (CVE-2020-12641)

A command injection vulnerability exists in Roundcube Webmail . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS5.7AI score0.84456EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/06/22 12:0 a.m.32 views

Fedora 32 : roundcubemail (2020-aeffd92b77)

RELEASE 1.4.6 - Installer: Fix regression in SMTP test section 7417 ---- RELEASE 1.4.5 - Fix bug in extracting required plugins from composer.json that led to spurious error in log 7364 - Fix so the database setup description is compatible with MySQL 8 7340 - Markasjunk: Fix regression in jsevent...

9.8CVSS7.4AI score0.84456EPSS
Exploits3References4
Mageia
Mageia
added 2020/06/15 7:54 a.m.47 views

Updated roundcubemail packages fix security vulnerability

The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...

6.3CVSS1.8AI score0.76596EPSS
Exploits2References2
OSV
OSV
added 2020/06/15 7:54 a.m.8 views

MGASA-2020-0261 Updated roundcubemail packages fix security vulnerability

The latest maintenance release of roundcubemail fixes some xss issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting XSS via malicious XML attachment and improves the fix for CVE-2020-12641...

6.3CVSS6.1AI score0.76596EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2020/06/08 12:0 a.m.50 views

Roundcube Webmail < 1.3.12, 1.4.x < 1.4.5 Multiple Vulnerabilities

Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail"; if...

9.8CVSS8.1AI score0.84456EPSS
Exploits5References3
OpenVAS
OpenVAS
added 2020/05/06 12:0 a.m.35 views

Roundcube Webmail < 1.2.10, 1.3.x < 1.3.11, 1.4.x < 1.4.4 Multiple Vulnerabilities

Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail"; if...

9.8CVSS8.2AI score0.84456EPSS
Exploits4References3
NVD
NVD
added 2020/05/04 3:15 p.m.23 views

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS9.7AI score0.84456EPSS
Exploits1References8
OSV
OSV
added 2020/05/04 3:15 p.m.23 views

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS7.7AI score0.84456EPSS
Exploits1References8
OSV
OSV
added 2020/05/04 3:15 p.m.3 views

UBUNTU-CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS7.6AI score0.84456EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2020/05/04 2:58 p.m.35 views

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS9.7AI score0.84456EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2020/05/04 12:0 a.m.41 views

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.9AI score0.84456EPSS
In wildExploits1References8
Rows per page
Query Builder