Lucene search
K

49 matches found

OSV
OSV
added 2017/01/30 10:59 p.m.9 views

CVE-2015-2180

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...

8.8CVSS9AI score0.04714EPSS
Exploits1References3
OSV
OSV
added 2016/12/08 6:59 p.m.4 views

UBUNTU-CVE-2016-9920

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...

7.5CVSS7.5AI score0.05621EPSS
Exploits2References6
OSV
OSV
added 2016/12/08 6:59 p.m.9 views

CVE-2016-9920

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...

7.5CVSS7.6AI score0.05621EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2016/12/08 6:59 p.m.70 views

CVE-2016-9920

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...

7.5CVSS7.2AI score0.05621EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2016/11/30 12:0 a.m.7 views

PT-2016-7880

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.1.7 Roundcube versions 1.2.x prior to 1.2.3 Description The issue allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. This is due to the...

8.8CVSS7.2AI score0.60162EPSS
Exploits6References28
OSV
OSV
added 2016/01/29 7:59 p.m.11 views

CVE-2015-8794

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the alt parameter, related to contact photo handling...

6.5CVSS6.1AI score
Exploits0References5
OSV
OSV
added 2016/01/29 7:59 p.m.9 views

CVE-2015-8793

Cross-site scripting XSS vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...

6.1CVSS6AI score0.01388EPSS
Exploits1References6
OSV
OSV
added 2016/01/29 7:59 p.m.3 views

DEBIAN-CVE-2015-8793

Cross-site scripting XSS vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...

6.1CVSS6AI score0.01388EPSS
Exploits1References1
OSV
OSV
added 2010/01/29 6:30 p.m.5 views

CVE-2010-0464

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...

6.6AI score0.01962EPSS
Exploits0References3
Rows per page
Query Builder