2031 matches found
CVE-2008-5619
CVE-2008-5619 affects RoundCube Webmail (versions 0.2-1 alpha and 0.2-3 beta) via the html2text.php integration that uses the chuggnutt HTML-to-text library. The underlying issue is the use of preg_replace with the eval modifier, allowing remote code execution when crafted input is processed. Exp...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...
CVE-2008-5620
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...
[SECURITY] Fedora 10 Update: roundcubemail-0.2-4.beta.fc10
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 8 Update: roundcubemail-0.2-4.beta.fc8
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
roundcube -- remote execution of arbitrary code
Entry for CVE-2008-5619 says: html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with the eval switch...
[SECURITY] Fedora 8 Update: roundcubemail-0.2-0.alpha.fc8
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 9 Update: roundcubemail-0.2-0.alpha.fc9
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 7 Update: roundcubemail-0.2-0.alpha.fc7.1
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
RoundCube Webmail cross-site request forgery vulnerability
Overview RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information...
Unsanitized scripting in RoundCube webmail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Site address: http://roundcube.net/ Roundcube webmail does not sanitize Microsoft Internet Explorer scripting issues reported by Yosuke Hasegawa. Author was contacted on 2007-05-11. I haven't received any response and current 2007-12-09 code is still...
Cross site scripting
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
DEBIAN-CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
The CVE-2007-6321 issue affects Roundcube webmail (0.1rc2 and earlier) where IE could execute XSS via style sheets containing expression commands. Connected OpenVAS/Nessus entries reference Fedora updates (FEDORA-2008-5333/5342/5315) that include XSS fixes for roundcubemail, indicating a patch-ba...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
JVN#33820033 RoundCube Webmail cross-site request forgery vulnerability
RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines. Impact Information such as email subject lines may be disclosed on the web...