2031 matches found
CVE-2011-1491
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an...
CVE-2011-1492
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets CSS stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain...
CVE-2011-1491
CVE-2011-1491 affects Roundcube Webmail prior to 0.5.1. The issue is in the login form: an authenticated-but-unintended login sequence can be exploited to obtain sensitive information when a victim logs into the attacker’s account and composes an email, effectively a login CSRF vulnerability. Con...
CVE-2011-1492
CVE-2011-1492 affects Roundcube Webmail prior to 0.5.1. The issue is in steps/utils/modcss.inc, where requests for an external CSS stylesheet are not properly verified, allowing remote authenticated users to trigger arbitrary outbound TCP connections from the server and potentially obtain sensiti...
CVE-2011-1492
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets CSS stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain...
CVE-2011-1491
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an...
[SECURITY] Fedora 15 Update: roundcubemail-0.5.1-1.fc15
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[Backports-security-announce] Security Update for roundcube
Holger Levsen uploaded a new package for roundcube which fixed the following security problems: CVE-2010-0464 Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determi...
[Backports-security-announce] Security Update for roundcube
Holger Levsen uploaded a new package for roundcube which fixed the following security problems: CVE-2010-0464 Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determi...
[Backports-security-announce] Security Update for roundcube
Holger Levsen uploaded a new package for roundcube which fixed the following security problems: CVE-2010-0464 Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determi...
[SECURITY] Fedora 12 Update: roundcubemail-0.3.1-2.fc12
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
DEBIAN-CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
Cross site request forgery (csrf)
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
CVE-2010-0464
CVE-2010-0464 affects Roundcube 0.3.1 and earlier, where the browser is not instructed to avoid DNS prefetching for domain names in email messages, enabling remote attackers to infer the user’s network location by DNS requests. Public references include Fedora backport and Debian backports adviso...
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...
Mandriva Update for mmc-wizard MDVA-2010:040 (mmc-wizard)
Check for the Version of mmc-wizard OpenVAS Vulnerability Test Mandriva Update for mmc-wizard MDVA-2010:040 mmc-wizard Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...